openssl: check argument type in OpenSSL::X509::Attribute#value=

* ext/openssl/ossl_x509attr.c (ossl_x509attr_set_value): check that the argument is an OpenSSL::ASN1::Data before converting to ASN1_TYPE. This fixes SEGV on OpenSSL::X509::Attribute#value=(non-asn1-value). * test/openssl/test_x509attr.rb: add tests for OpenSSL::X509::Attribute. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55071 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2016-05-19 04:12:57 +00:00 · 2016-05-19 04:12:57 +00:00 · a24fe080a4
commit a24fe080a4
parent 4176db205e
3 changed files with 65 additions and 0 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+Thu May 19 13:11:35 2016  Kazuki Yamaguchi  <k@rhe.jp>
+
+	* ext/openssl/ossl_x509attr.c (ossl_x509attr_set_value): check that the
+	  argument is an OpenSSL::ASN1::Data before converting to ASN1_TYPE.
+	  This fixes SEGV on OpenSSL::X509::Attribute#value=(non-asn1-value).
+
+	* test/openssl/test_x509attr.rb: add tests for OpenSSL::X509::Attribute.
+
 Thu May 19 12:10:10 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* re.c (rb_reg_match_m_p): fix match against empty string.
--- a/ext/openssl/ossl_x509attr.c
+++ b/ext/openssl/ossl_x509attr.c
@ -196,6 +196,7 @@ ossl_x509attr_set_value(VALUE self, VALUE value)
    X509_ATTRIBUTE *attr;
    ASN1_TYPE *a1type;

+    OSSL_Check_Kind(value, cASN1Data);
    if(!(a1type = ossl_asn1_get_asn1type(value)))
 	ossl_raise(eASN1Error, "could not get ASN1_TYPE");
    if(ASN1_TYPE_get(a1type) == V_ASN1_SEQUENCE){
--- a/test/openssl/test_x509attr.rb
+++ b/test/openssl/test_x509attr.rb
@ -0,0 +1,56 @@
+# frozen_string_literal: false
+require_relative "utils"
+
+if defined?(OpenSSL::TestUtils)
+
+class OpenSSL::TestX509Attribute < OpenSSL::TestCase
+  def test_new
+    ef = OpenSSL::X509::ExtensionFactory.new
+    val = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([
+      ef.create_extension("keyUsage", "keyCertSign", true)
+    ])])
+    attr = OpenSSL::X509::Attribute.new("extReq", val)
+    assert_equal("extReq", attr.oid)
+    assert_equal(val.to_der, attr.value.to_der)
+  end
+
+  def test_from_der
+    # oid: challengePassword, values: Set[UTF8String<"abc123">]
+    test_der = "\x30\x15\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x07\x31\x08" \
+      "\x0c\x06\x61\x62\x63\x31\x32\x33".b
+    attr = OpenSSL::X509::Attribute.new(test_der)
+    assert_equal(test_der, attr.to_der)
+    assert_equal("challengePassword", attr.oid)
+    assert_equal("abc123", attr.value.value[0].value)
+  end
+
+  def test_to_der
+    ef = OpenSSL::X509::ExtensionFactory.new
+    val = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([
+      ef.create_extension("keyUsage", "keyCertSign", true)
+    ])])
+    attr = OpenSSL::X509::Attribute.new("extReq", val)
+    expected = OpenSSL::ASN1::Sequence.new([
+      OpenSSL::ASN1::ObjectId.new("extReq"),
+      val
+    ])
+    assert_equal(expected.to_der, attr.to_der)
+  end
+
+  def test_invalid_value
+    # should not change the original value
+    test_der = "\x30\x15\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x07\x31\x08" \
+      "\x0c\x06\x61\x62\x63\x31\x32\x33".b
+    attr = OpenSSL::X509::Attribute.new(test_der)
+    assert_raise(TypeError) {
+      attr.value = "1234"
+    }
+    assert_equal(test_der, attr.to_der)
+    assert_raise(OpenSSL::X509::AttributeError) {
+      attr.oid = "abc123"
+    }
+    assert_equal(test_der, attr.to_der)
+  end
+end
+
+end