summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_cert.c
diff options
context:
space:
mode:
authorAndrey Suvorov <a.suvorov@f5.com>2021-05-17 14:28:38 -0700
committerAndrey Suvorov <a.suvorov@f5.com>2021-05-17 14:28:38 -0700
commit19dfeba86b9dda6f1960ba9b3dba4708565d27ad (patch)
tree416fa0e00149f6eb25b073d51f9ef868671c2d9b /src/nxt_cert.c
parent1198118b3b987930c508d78d90af909eec1835db (diff)
downloadunit-19dfeba86b9dda6f1960ba9b3dba4708565d27ad.tar.gz
unit-19dfeba86b9dda6f1960ba9b3dba4708565d27ad.tar.bz2
Fixing a crash after applying the wrong TLS configuration.
When an invalid TLS configuration is applied (such as the conf_commands feature), nxt_cert_store_get() creates a buffer to send a certificate request to the main process and adds its default completion handler to an asynchronous queue to free the allocated buffer. However, if configuration fails, nxt_router_conf_error() removes the memory pool used to allocate the buffer, causing a crash when the completion handler is dispatched. Assertion "src/nxt_buf.c:208 assertion failed: data == b->parent" is triggered when is NXT_DEBUG enabled in the configure script. This patch uses a reference counter to retain the memory pool and redefines the completion handler to free the buffer before releasing the memory pool.
Diffstat (limited to '')
-rw-r--r--src/nxt_cert.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/nxt_cert.c b/src/nxt_cert.c
index 3cdb69c1..1806bc19 100644
--- a/src/nxt_cert.c
+++ b/src/nxt_cert.c
@@ -48,6 +48,7 @@ static nxt_conf_value_t *nxt_cert_name_details(nxt_mp_t *mp, X509 *x509,
nxt_bool_t issuer);
static nxt_conf_value_t *nxt_cert_alt_names_details(nxt_mp_t *mp,
STACK_OF(GENERAL_NAME) *alt_names);
+static void nxt_cert_buf_completion(nxt_task_t *task, void *obj, void *data);
static nxt_lvlhsh_t nxt_cert_info;
@@ -1073,6 +1074,9 @@ nxt_cert_store_get(nxt_task_t *task, nxt_str_t *name, nxt_mp_t *mp,
goto fail;
}
+ nxt_mp_retain(mp);
+ b->completion_handler = nxt_cert_buf_completion;
+
nxt_buf_cpystr(b, name);
*b->mem.free++ = '\0';
@@ -1102,6 +1106,21 @@ fail:
}
+static void
+nxt_cert_buf_completion(nxt_task_t *task, void *obj, void *data)
+{
+ nxt_mp_t *mp;
+ nxt_buf_t *b;
+
+ b = obj;
+ mp = b->data;
+ nxt_assert(b->next == NULL);
+
+ nxt_mp_free(mp, b);
+ nxt_mp_release(mp);
+}
+
+
void
nxt_cert_store_get_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg)
{