merge revision(s) r45595: [Backport #9743] [Backport #9745]

* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal() finalizes only a copy of the digest context, the context must be cleaned up after initialization by EVP_MD_CTX_cleanup() or a memory leak will occur. [ruby-core:62038] [Bug #9743] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@45821 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2014-05-04 17:44:00 +00:00 · 2014-05-04 17:44:00 +00:00 · 01cf2127bd
commit 01cf2127bd
parent acd893d175
4 changed files with 43 additions and 3 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+Mon May  5 02:35:20 2014  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal()
+	  finalizes only a copy of the digest context, the context must be
+	  cleaned up after initialization by EVP_MD_CTX_cleanup() or a
+	  memory leak will occur.  [ruby-core:62038] [Bug #9743]
+
 Mon May  5 02:21:48 2014  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* ext/dl/cptr.c (dlptr_free), ext/dl/handle.c (dlhandle_free),
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@ -318,13 +318,16 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
 {
    EVP_PKEY *pkey;
    EVP_MD_CTX ctx;
+    int result;

    GetPKey(self, pkey);
-    EVP_VerifyInit(&ctx, GetDigestPtr(digest));
    StringValue(sig);
    StringValue(data);
+    EVP_VerifyInit(&ctx, GetDigestPtr(digest));
    EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
-    switch (EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey)) {
+    result = EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey);
+    EVP_MD_CTX_cleanup(&ctx);
+    switch (result) {
    case 0:
 	return Qfalse;
    case 1:
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@ -75,6 +75,36 @@ class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
    assert(key.verify(digest, sig, data))
  end

+  def test_sign_verify_memory_leak
+    bug9743 = '[ruby-core:62038] [Bug #9743]'
+    assert_no_memory_leak(%w[-ropenssl], <<-PREP, <<-CODE, bug9743, rss: true)
+    data = 'Sign me!'
+    digest = OpenSSL::Digest::SHA512.new
+    pkey = OpenSSL::PKey::RSA.new(2048)
+    signature = pkey.sign(digest, data)
+    pub_key = pkey.public_key
+    PREP
+    20_000.times {
+      pub_key.verify(digest, signature, data)
+    }
+    CODE
+
+    assert_no_memory_leak(%w[-ropenssl], <<-PREP, <<-CODE, bug9743, rss: true)
+    data = 'Sign me!'
+    digest = OpenSSL::Digest::SHA512.new
+    pkey = OpenSSL::PKey::RSA.new(2048)
+    signature = pkey.sign(digest, data)
+    pub_key = pkey.public_key
+    PREP
+    20_000.times {
+      begin
+        pub_key.verify(digest, signature, 1)
+      rescue TypeError
+      end
+    }
+    CODE
+  end
+
  def test_digest_state_irrelevant_sign
    key = OpenSSL::TestUtils::TEST_KEY_RSA1024
    digest1 = OpenSSL::Digest::SHA1.new
--- a/version.h
+++ b/version.h
@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.1.2"
 #define RUBY_RELEASE_DATE "2014-05-05"
-#define RUBY_PATCHLEVEL 91
+#define RUBY_PATCHLEVEL 92

 #define RUBY_RELEASE_YEAR 2014
 #define RUBY_RELEASE_MONTH 5