Google Git
Sign in
nginx/nginx/1ebb44e3e3dcc7e321819a54915e9eff2aa1aa81^!/.
commit
1ebb44e3e3dcc7e321819a54915e9eff2aa1aa81
[log]
author
Maxim Dounin <mdounin@mdounin.ru>
Thu Jan 23 18:32:26 2014 +0400
committer
Maxim Dounin <mdounin@mdounin.ru>
Thu Jan 23 18:32:26 2014 +0400
tree
dec3e862570aa0a1c58cf1dceb0a2c3d13a0cb71
parent
bb40c4ed2f937ac5f2eb276954e67216cd09c473 [diff]
SSL: fixed $ssl_session_id possible segfault after 97e3769637a7.

Even during execution of a request it is possible that there will be
no session available, notably in case of renegotiation.  As a result
logging of $ssl_session_id in some cases caused NULL pointer dereference
after revision 97e3769637a7 (1.5.9).  The check added returns an empty
string if there is no session available.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 9935fb0..cbe4136 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c

@@ -2508,6 +2508,10 @@
     SSL_SESSION  *sess;
 
     sess = SSL_get0_session(c->ssl->connection);
+    if (sess == NULL) {
+        s->len = 0;
+        return NGX_OK;
+    }
 
     buf = sess->session_id;
     len = sess->session_id_length;