SSL: fixed potential leak on memory allocation errors.
If ngx_pool_cleanup_add() fails, we have to clean up the just-created SSL
context manually, so the appropriate call was added.
Additionally, ngx_pool_cleanup_add() moved closer to ngx_ssl_create() in
the ngx_http_ssl_module, to make sure there are no leaks due to intermediate
code.
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
index 18478b9..f59ecbd 100644
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -4650,6 +4650,7 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(glcf->upstream.ssl);
return NGX_ERROR;
}
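Review bot: The manual `ngx_ssl_cleanup_ctx()` call in the `if (cln == NULL)` branch is repeated verbatim in the proxy, uwsgi, mail ssl, stream proxy and stream ssl hunks, so every future call site that creates an SSL context must remember the same by-hand cleanup. A short comment above the call would record the invariant, for example `/* cleanup handler is not registered yet: free the SSL context by hand */`. The call also leaves `glcf->upstream.ssl` pointing at a context that has presumably been freed. That looks harmless only if NGX_ERROR aborts configuration before anything touches it again, which cannot be confirmed from the hunk. The enclosing function starts and ends outside the hunk.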
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index d6a8922..3aafb99 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -4270,6 +4270,7 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(plcf->upstream.ssl);
return NGX_ERROR;
}
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 1b2830d..b3f8f47 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -700,6 +700,15 @@
return NGX_CONF_ERROR;
}
+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(&conf->ssl);
+ return NGX_CONF_ERROR;
+ }
+
+ cln->handler = ngx_ssl_cleanup_ctx;
+ cln->data = &conf->ssl;
+
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
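Review bot: Nothing in the new code records why the cleanup registration has to sit directly after the context is created, so a later edit could add an early return between the two and silently reintroduce the leak this commit closes. I would add a comment above `cln = ngx_pool_cleanup_add(cf->pool, 0);`, for example `/* must directly follow ngx_ssl_create(): any return before this leaks conf->ssl */`. The `return NGX_CONF_ERROR;` at the top of the hunk is presumably the ngx_ssl_create() failure path, but the call itself is outside the hunk, as are the start and end of the enclosing function.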
@@ -723,14 +732,6 @@
ngx_http_ssl_npn_advertised, NULL);
#endif
- cln = ngx_pool_cleanup_add(cf->pool, 0);
- if (cln == NULL) {
- return NGX_CONF_ERROR;
- }
-
- cln->handler = ngx_ssl_cleanup_ctx;
- cln->data = &conf->ssl;
-
if (ngx_http_ssl_compile_certificates(cf, conf) != NGX_OK) {
return NGX_CONF_ERROR;
}
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
index 8b09110..56dc236 100644
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2359,6 +2359,7 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(uwcf->upstream.ssl);
return NGX_ERROR;
}
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index 10e982e..5544f75 100644
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -370,6 +370,7 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(&conf->ssl);
return NGX_CONF_ERROR;
}
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
index d7bdec2..127c8a4 100644
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -2096,6 +2096,7 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(pscf->ssl);
return NGX_ERROR;
}
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
index b099a80..ec9524e 100644
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -690,6 +690,7 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(&conf->ssl);
return NGX_CONF_ERROR;
}