mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* ext/openssl/ossl_pkcs7.c: fix crash when parsing garbage data.

* test/openssl/test_pkcs7.rb: assert correct behavior for it.
  Thanks to Matt Venables for reporting the issue.
  [ruby-core:43250][Bug #6134]



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@35167 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
emboss 2012-03-29 01:27:17 +00:00
parent 8e601a20f4
commit aad347f5ec
3 changed files with 19 additions and 4 deletions


@ -1,3 +1,10 @@
Thu Mar 29 10:20:18 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
* ext/openssl/ossl_pkcs7.c: fix crash when parsing garbage data.
* test/openssl/test_pkcs7.rb: assert correct behavior for it.
Thanks to Matt Venables for reporting the issue.
[ruby-core:43250][Bug #6134]
Thu Mar 29 10:16:05 2012 NAKAMURA Usaku <usa@ruby-lang.org> Thu Mar 29 10:16:05 2012 NAKAMURA Usaku <usa@ruby-lang.org>
* thread_win32.c (TIME_QUANTUM_USEC): 10ms(= old setting) [experimental] * thread_win32.c (TIME_QUANTUM_USEC): 10ms(= old setting) [experimental]
@ -13,7 +20,7 @@ Thu Mar 29 10:12:12 2012 NAKAMURA Usaku <usa@ruby-lang.org>
Thu Mar 29 09:26:17 2012 Martin Bosslet <Martin.Bosslet@googlemail.com> Thu Mar 29 09:26:17 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
* test/openssl/test_x509cert.rb: Exclude test that fails when issuing * test/openssl/test_x509cert.rb: exclude test that fails when issuing
a certificate with RSA signature and DSS1 digest for earlier a certificate with RSA signature and DSS1 digest for earlier
OpenSSL versions when used in conjunction with OpenSSL 1.0.1. OpenSSL versions when used in conjunction with OpenSSL 1.0.1.
Thanks, Vit Ondruch, for reporting the issue. Thanks, Vit Ondruch, for reporting the issue.


@ -318,14 +318,17 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
arg = ossl_to_der_if_possible(arg); arg = ossl_to_der_if_possible(arg);
in = ossl_obj2bio(arg); in = ossl_obj2bio(arg);
p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL); p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL);
DATA_PTR(self) = pkcs;
if (!p7) { if (!p7) {
OSSL_BIO_reset(in); OSSL_BIO_reset(in);
p7 = d2i_PKCS7_bio(in, &pkcs); p7 = d2i_PKCS7_bio(in, &pkcs);
if (!p7) if (!p7) {
BIO_free(in);
PKCS7_free(pkcs);
DATA_PTR(self) = NULL;
ossl_raise(rb_eArgError, "Could not parse the PKCS7"); ossl_raise(rb_eArgError, "Could not parse the PKCS7");
DATA_PTR(self) = pkcs; }
} }
DATA_PTR(self) = pkcs;
BIO_free(in); BIO_free(in);
ossl_pkcs7_set_data(self, Qnil); ossl_pkcs7_set_data(self, Qnil);
ossl_pkcs7_set_err_string(self, Qnil); ossl_pkcs7_set_err_string(self, Qnil);
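Review bot: The new error branch calls `PKCS7_free(pkcs);` after `d2i_PKCS7_bio(in, &pkcs)` has already failed, which is only safe if that call leaves `pkcs` either intact or NULL on failure, and nothing in the hunk states that assumption. A comment above the cleanup would record the ownership rule, for example `/* ossl_raise does not return: free in and pkcs here; pkcs is valid or NULL after a failed d2i (confirm for supported OpenSSL versions) */`. The `DATA_PTR(self) = NULL;` line deserves a second short comment such as `/* keep the wrapper from holding a pointer that was just freed */`, since the free function that would later see it is outside this page. The rendering does not mark old and new sides, so which `DATA_PTR(self) = pkcs;` line is new is inferred from the hunk counts. ossl_pkcs7_initialize begins and ends outside the hunk.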


@ -146,6 +146,11 @@ class OpenSSL::TestPKCS7 < Test::Unit::TestCase
assert_equal(3, recip[1].serial) assert_equal(3, recip[1].serial)
assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert)) assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
end end
def test_graceful_parsing_failure #[ruby-core:43250]
contents = File.read(__FILE__)
assert_raise(ArgumentError) { OpenSSL::PKCS7.new(contents) }
end
end end
end end
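Review bot: `test_graceful_parsing_failure` uses `File.read(__FILE__)` as its garbage input, so the bytes under test change every time this test file is edited and the case that originally crashed is not pinned. A fixed byte string taken from the original report would make the regression reproducible; failing that, a comment such as `# any non-PKCS7 bytes will do; this file's own source serves as the garbage input` would at least explain the choice. The ChangeLog entry describes a crash, and if that crash happened when the half-initialised object was finalized (an inference, the C free function is not shown), adding `GC.start` after the `assert_raise` line would let the test exercise that path as well.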