]> git.kaiwu.me - nginx.git/commitdiff
SSL: fixed memory leak in ngx_ssl_get_ech_outer_server_name(). master
authorDavid Carlier <devnexen@gmail.com>
Tue, 16 Jun 2026 18:58:28 +0000 (19:58 +0100)
committerAleksei Bavshin <a.bavshin@f5.com>
Mon, 13 Jul 2026 18:46:20 +0000 (11:46 -0700)
SSL_ech_get1_status() allocates inner_sni and outer_sni and transfers
ownership to the caller.  On the allocation-failure path the function
returned without freeing them, unlike ngx_ssl_get_ech_status() which
frees both on all paths.

src/event/ngx_event_openssl.c

index 9868dfa2f5d76e95ab4048d83f4d97eebf6ce603..c6f9538c9b3449f1d5d74aee555919f9a3f84329 100644 (file)
@@ -5953,6 +5953,8 @@ ngx_ssl_get_ech_outer_server_name(ngx_connection_t *c, ngx_pool_t *pool,
 
         s->data = ngx_pnalloc(pool, s->len);
         if (s->data == NULL) {
 
         s->data = ngx_pnalloc(pool, s->len);
         if (s->data == NULL) {
+            OPENSSL_free(inner_sni);
+            OPENSSL_free(outer_sni);
             return NGX_ERROR;
         }
 
             return NGX_ERROR;
         }