From: Roman Arutyunyan Date: Tue, 21 Apr 2026 10:51:41 +0000 (+0400) Subject: OCSP: resolve cleanup on connection close X-Git-Tag: release-1.31.0~7 X-Git-Url: http://git.kaiwu.me/postgresql/log/contrib/postgres_fdw/postgres_fdw.c?a=commitdiff_plain;h=71841dcedfdf46048ef5e25413fdf97a66957913;p=nginx.git OCSP: resolve cleanup on connection close Previously, when a client SSL connection was terminated (typically due to a timeout) while resolving an OCSP responder, the OCSP context was freed, but the resolve context was not. This resulted in use-after-free on resolve completion. Reported by Leo Lin.
---
diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
index 0f560f17d..86d8b2c55 100644
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -113,6 +113,7 @@ struct ngx_ssl_ocsp_ctx_s {
 ngx_resolver_t *resolver;
 ngx_msec_t resolver_timeout;
+ ngx_resolver_ctx_t *resolve;
 ngx_msec_t timeout;
@@ -1341,6 +1342,10 @@ ngx_ssl_ocsp_done(ngx_ssl_ocsp_ctx_t *ctx)
 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0, "ssl ocsp done");
+ if (ctx->resolve) {
+ ngx_resolve_name_done(ctx->resolve);
+ }
+
 if (ctx->peer.connection) {
 ngx_close_connection(ctx->peer.connection);
 }
@@ -1433,7 +1438,10 @@ ngx_ssl_ocsp_request(ngx_ssl_ocsp_ctx_t *ctx)
 resolve->data = ctx;
 resolve->timeout = ctx->resolver_timeout;
+ ctx->resolve = resolve;
+
 if (ngx_resolve_name(resolve) != NGX_OK) {
+ ctx->resolve = NULL;
 ngx_ssl_ocsp_error(ctx);
 return;
 }
@@ -1522,6 +1530,7 @@ ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve)
 }
 ngx_resolve_name_done(resolve);
+ ctx->resolve = NULL;
 ngx_ssl_ocsp_connect(ctx);
 return;
@@ -1529,6 +1538,8 @@ ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve)
 failed:
 ngx_resolve_name_done(resolve);
+ ctx->resolve = NULL;
+
 ngx_ssl_ocsp_error(ctx);
 }
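Review bot: The new `resolve` member of struct ngx_ssl_ocsp_ctx_s carries a lifetime invariant that is not written down anywhere in the hunk: it is meant to be non-NULL only while a name resolution is outstanding, and every path that releases the resolver context has to reset it. Since the bug being fixed is a use-after-free caused by exactly this ownership being implicit, a short comment on the field would help the next person who adds an exit path, for example `/* pending resolve; NULL unless a lookup is in flight, released in ngx_ssl_ocsp_done() */`. The struct definition starts and ends outside the hunk.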
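Review bot: In ngx_ssl_ocsp_done() the added branch releases ctx->resolve but leaves the pointer set, whereas the three other sites this commit touches all reset it to NULL once the resolver context is gone. If this function can be reached a second time for the same context, or if anything reads ctx->resolve before the context memory itself is released (neither is visible here, the body continues past the hunk), the stale pointer would be handed to the resolver again. Adding `ctx->resolve = NULL;` directly after `ngx_resolve_name_done(ctx->resolve);` keeps the invariant uniform and costs nothing.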
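Review bot: The ordering in ngx_ssl_ocsp_request() is load-bearing but unexplained: `ctx->resolve = resolve;` is placed before the `ngx_resolve_name()` call and then undone in the failure branch, which looks redundant unless the reader knows why. Presumably the assignment has to precede the call because the resolve handler can run before it returns, and the reset is needed because the resolver context is no longer valid after a failed call; both are inferred, not shown in the hunk. A comment such as `/* set before ngx_resolve_name(): the handler may run synchronously and clears it */` and, in the error branch, `/* resolve is already released on failure */` would stop a later cleanup from reordering these lines and reintroducing a double release. The function body starts and ends outside the hunk.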