openssl: fix OpenSSL error queue leak in OpenSSL::PKCS12.new

* ext/openssl/ossl_pkcs12.c (ossl_pkcs12_initialize): pop errors leaked by PKCS12_parse(). This is a bug in OpenSSL, which exists in the versions before the version 1.0.0t, 1.0.1p, 1.0.2d. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55057 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2016-05-18 07:59:09 +00:00 · 2016-05-18 07:59:09 +00:00 · 68f119cbf4
commit 68f119cbf4
parent 1fcce422d8
2 changed files with 10 additions and 0 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Wed May 18 16:52:03 2016  Kazuki Yamaguchi  <k@rhe.jp>
+
+	* ext/openssl/ossl_pkcs12.c (ossl_pkcs12_initialize): pop errors
+	  leaked by PKCS12_parse(). This is a bug in OpenSSL, which exists
+	  in the versions before the version 1.0.0t, 1.0.1p, 1.0.2d.
+
 Wed May 18 16:04:54 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* tool/downloader.rb (Downloader::RubyGems.download): verify gems
--- a/ext/openssl/ossl_pkcs12.c
+++ b/ext/openssl/ossl_pkcs12.c
@ -165,8 +165,12 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
    BIO_free(in);

    pkey = cert = ca = Qnil;
+    /* OpenSSL's bug; PKCS12_parse() puts errors even if it succeeds.
+     * Fixed in OpenSSL 1.0.0t, 1.0.1p, 1.0.2d */
+    ERR_set_mark();
    if(!PKCS12_parse(pkcs, passphrase, &key, &x509, &x509s))
 	ossl_raise(ePKCS12Error, "PKCS12_parse");
+    ERR_pop_to_mark();
    pkey = rb_protect((VALUE(*)_((VALUE)))ossl_pkey_new, (VALUE)key,
 		      &st); /* NO DUP */
    if(st) goto err;