kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error

Browse source 
in ext/openssl instead of OpenSSL itself because LibreSSL
  silently truncate the selected protocol name by casting the length
  from int to unsigned char. [Bug #11369]
  Patch by Jeremy Evans <merch-redmine@jeremyevans.net>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52227 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
naruse 2015-10-22 16:54:01 +00:00
parent e4d925bf3a
commit d7d779b594
2 changed files with 13 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
ChangeLog
View file

@ -1,3 +1,11 @@
Fri Oct 23 00:32:02 2015 NARUSE, Yui <naruse@ruby-lang.org>
* ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error
in ext/openssl instead of OpenSSL itself because LibreSSL
silently truncate the selected protocol name by casting the length
from int to unsigned char. [Bug #11369]
Patch by Jeremy Evans <merch-redmine@jeremyevans.net>
Fri Oct 23 00:49:45 2015 Shugo Maeda <shugo@ruby-lang.org> Fri Oct 23 00:49:45 2015 Shugo Maeda <shugo@ruby-lang.org>
* lib/un.rb (help): change the name of a block parameter to avoid * lib/un.rb (help): change the name of a block parameter to avoid

7
ext/openssl/ossl_ssl.c
View file

@ -599,9 +599,12 @@ ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsi
selected = rb_funcall(cb, rb_intern("call"), 1, protocols); selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
StringValue(selected); StringValue(selected);
i = RSTRING_LENINT(selected);
if (i < 1 || i >= 256) {
ossl_raise(eSSLError, "Selected protocol must have length 1..255");
}
*out = (unsigned char *) StringValuePtr(selected); *out = (unsigned char *) StringValuePtr(selected);
*outlen = RSTRING_LENINT(selected); *outlen = i;
return SSL_TLSEXT_ERR_OK; return SSL_TLSEXT_ERR_OK;
} }