kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

[ruby/openssl] fix segv in Timestamp::{Request,Response,TokenInfo}.new

Browse source 
prevent `ossl_ts_*_free()` from calling when `d2i_TS_*_bio()` failed.

https://github.com/ruby/openssl/commit/b29e215786
This commit is contained in:
Nobuhiro IMAI 2020-09-29 00:05:36 +09:00 committed by Kazuki Yamaguchi
parent 6dcc74155f
commit f88401f38e
2 changed files with 27 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
ext/openssl/ossl_ts.c
View file

@ -211,8 +211,10 @@ ossl_ts_req_initialize(int argc, VALUE *argv, VALUE self)
in = ossl_obj2bio(&arg); in = ossl_obj2bio(&arg);
ts_req = d2i_TS_REQ_bio(in, &ts_req); ts_req = d2i_TS_REQ_bio(in, &ts_req);
BIO_free(in); BIO_free(in);
if (!ts_req) if (!ts_req) {
DATA_PTR(self) = NULL;
ossl_raise(eTimestampError, "Error when decoding the timestamp request"); ossl_raise(eTimestampError, "Error when decoding the timestamp request");
}
DATA_PTR(self) = ts_req; DATA_PTR(self) = ts_req;
return self; return self;
@ -535,8 +537,10 @@ ossl_ts_resp_initialize(VALUE self, VALUE der)
in = ossl_obj2bio(&der); in = ossl_obj2bio(&der);
ts_resp = d2i_TS_RESP_bio(in, &ts_resp); ts_resp = d2i_TS_RESP_bio(in, &ts_resp);
BIO_free(in); BIO_free(in);
if (!ts_resp) if (!ts_resp) {
DATA_PTR(self) = NULL;
ossl_raise(eTimestampError, "Error when decoding the timestamp response"); ossl_raise(eTimestampError, "Error when decoding the timestamp response");
}
DATA_PTR(self) = ts_resp; DATA_PTR(self) = ts_resp;
return self; return self;
@ -874,8 +878,10 @@ ossl_ts_token_info_initialize(VALUE self, VALUE der)
in = ossl_obj2bio(&der); in = ossl_obj2bio(&der);
info = d2i_TS_TST_INFO_bio(in, &info); info = d2i_TS_TST_INFO_bio(in, &info);
BIO_free(in); BIO_free(in);
if (!info) if (!info) {
DATA_PTR(self) = NULL;
ossl_raise(eTimestampError, "Error when decoding the timestamp token info"); ossl_raise(eTimestampError, "Error when decoding the timestamp token info");
}
DATA_PTR(self) = info; DATA_PTR(self) = info;
return self; return self;

18
test/openssl/test_ts.rb
View file

@ -181,6 +181,12 @@ _end_of_pem_
assert_equal(42, qer2.nonce) assert_equal(42, qer2.nonce)
end end
def test_request_invalid_asn1
assert_raise(OpenSSL::Timestamp::TimestampError) do
OpenSSL::Timestamp::Request.new("*" * 44)
end
end
def test_response_constants def test_response_constants
assert_equal(0, OpenSSL::Timestamp::Response::GRANTED) assert_equal(0, OpenSSL::Timestamp::Response::GRANTED)
assert_equal(1, OpenSSL::Timestamp::Response::GRANTED_WITH_MODS) assert_equal(1, OpenSSL::Timestamp::Response::GRANTED_WITH_MODS)
@ -338,6 +344,12 @@ _end_of_pem_
end end
end end
def test_response_invalid_asn1
assert_raise(OpenSSL::Timestamp::TimestampError) do
OpenSSL::Timestamp::Response.new("*" * 44)
end
end
def test_no_cert_requested def test_no_cert_requested
req = OpenSSL::Timestamp::Request.new req = OpenSSL::Timestamp::Request.new
req.algorithm = "SHA1" req.algorithm = "SHA1"
@ -590,6 +602,12 @@ _end_of_pem_
assert_equal(123, info.nonce) assert_equal(123, info.nonce)
end end
def test_token_info_invalid_asn1
assert_raise(OpenSSL::Timestamp::TimestampError) do
OpenSSL::Timestamp::TokenInfo.new("*" * 44)
end
end
private private
def assert_cert expected, actual def assert_cert expected, actual