From 3269ede95481c046be2c70e247da455943f4cd5b Mon Sep 17 00:00:00 2001 From: David Carlier Date: Tue, 16 Jun 2026 19:58:28 +0100 Subject: [PATCH] SSL: fixed memory leak in ngx_ssl_get_ech_outer_server_name(). SSL_ech_get1_status() allocates inner_sni and outer_sni and transfers ownership to the caller. On the allocation-failure path the function returned without freeing them, unlike ngx_ssl_get_ech_status() which frees both on all paths. --- src/event/ngx_event_openssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 9868dfa2f..c6f9538c9 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -5953,6 +5953,8 @@ ngx_ssl_get_ech_outer_server_name(ngx_connection_t *c, ngx_pool_t *pool, s->data = ngx_pnalloc(pool, s->len); if (s->data == NULL) { + OPENSSL_free(inner_sni); + OPENSSL_free(outer_sni); return NGX_ERROR; }