)]}'
{
  "commit": "a3a399d7802481e0a58d65f837a14753fdf346c7",
  "tree": "13e4f40768d06e8e960803f52031273cf4b68867",
  "parents": [
    "1b658f9afef724d5f6b44ddd4878ff0bad3440a9"
  ],
  "author": {
    "name": "Roman Arutyunyan",
    "email": "arut@nginx.com",
    "time": "Mon Jun 15 20:17:16 2020 +0300"
  },
  "committer": {
    "name": "Roman Arutyunyan",
    "email": "arut@nginx.com",
    "time": "Mon Jun 15 20:17:16 2020 +0300"
  },
  "message": "OCSP: fixed use-after-free on error.\n\nWhen validating second and further certificates, ssl callback could be called\ntwice to report the error.  After the first call client connection is\nterminated and its memory is released.  Prior to the second call and in it\nreleased connection memory is accessed.\n\nErrors triggering this behavior:\n- failure to create the request\n- failure to start resolving OCSP responder name\n- failure to start connecting to the OCSP responder\n\nThe fix is to rearrange the code to eliminate the second call.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "a0a63c16516ff5a18559e0af159452c2e4c998b5",
      "old_mode": 33188,
      "old_path": "src/event/ngx_event_openssl_stapling.c",
      "new_id": "0e79d6cc495d774beea7c43922182fb04178b9c7",
      "new_mode": 33188,
      "new_path": "src/event/ngx_event_openssl_stapling.c"
    }
  ]
}
