From 1ebb44e3e3dcc7e321819a54915e9eff2aa1aa81 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Thu, 23 Jan 2014 18:32:26 +0400 Subject: [PATCH] SSL: fixed $ssl_session_id possible segfault after 97e3769637a7. Even during execution of a request it is possible that there will be no session available, notably in case of renegotiation. As a result logging of $ssl_session_id in some cases caused NULL pointer dereference after revision 97e3769637a7 (1.5.9). The check added returns an empty string if there is no session available. --- src/event/ngx_event_openssl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 9935fb098..cbe4136a1 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -2508,6 +2508,10 @@ ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) SSL_SESSION *sess; sess = SSL_get0_session(c->ssl->connection); + if (sess == NULL) { + s->len = 0; + return NGX_OK; + } buf = sess->session_id; len = sess->session_id_length;