
ruby-changes:28461

From: shirosaki <ko1@a...>
Date: Sun, 28 Apr 2013 22:21:46 +0900 (JST)
Subject: [ruby-changes:28461] shirosaki:r40513 (trunk): ossl_bn.c: fix ossl_bn_initialize bug with integer

shirosaki	2013-04-28 22:20:11 +0900 (Sun, 28 Apr 2013)

  New Revision: 40513

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=40513

  Log:
    ossl_bn.c: fix ossl_bn_initialize bug with integer
    
    * ext/openssl/ossl_bn.c (ossl_bn_initialize): fix buffer overflow on
      x64 Windows and memory leak when initializing with integer.
      [ruby-core:54615] [Bug #8337]

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/ossl_bn.c

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 40512)
+++ ChangeLog	(revision 40513)
@@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Sun Apr 28 22:04:37 2013  Hiroshi Shirosaki  <h.shirosaki@g...>
+
+	* ext/openssl/ossl_bn.c (ossl_bn_initialize): fix buffer overflow on
+	  x64 Windows and memory leak when initializing with integer.
+	  [ruby-core:54615] [Bug #8337]
+
 Sun Apr 28 12:38:04 2013  Nobuyoshi Nakada  <nobu@r...>
 
 	* README.EXT: correct method name to be used.  [Bug #7982]
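Review bot: the new ChangeLog entry names the symptoms (buffer overflow on x64 Windows, memory leak) but not the cause, so a reader cannot tell from it what was wrong. Consider adding that the loop wrote `sizeof(VALUE)` bytes into a buffer sized for one `long`, and that the temporary buffer was never released.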
Index: ext/openssl/ossl_bn.c
===================================================================
--- ext/openssl/ossl_bn.c	(revision 40512)
+++ ext/openssl/ossl_bn.c	(revision 40513)
@@ -123,11 +123,11 @@ ossl_bn_initialize(int argc, VALUE *argv https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L123
 
     if (RB_TYPE_P(str, T_FIXNUM)) {
 	long i;
-	unsigned char *bin = (unsigned char*)ALLOC_N(long, 1);
+	unsigned char *bin = (unsigned char*)ALLOCA_N(long, 1);
 	long n = FIX2LONG(str);
 	unsigned long un = labs(n);
 
-	for (i = sizeof(VALUE) - 1; 0 <= i; i--) {
+	for (i = sizeof(long) - 1; 0 <= i; i--) {
 	    bin[i] = un&0xff;
 	    un >>= 8;
 	}
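Review bot: the buffer size and the loop bound in the `T_FIXNUM` branch are still two separate expressions, `ALLOCA_N(long, 1)` and `sizeof(long) - 1`, which is the same kind of mismatch that produced the overflow with `sizeof(VALUE)` (8 bytes on x64 Windows, where `long` is 4). Declaring `unsigned char bin[sizeof(long)];` and starting the loop at `sizeof(bin) - 1` would derive both from one declaration so they cannot drift apart again. The length later passed to `BN_bin2bn` for this branch is outside the hunk and should be confirmed to use the same size. A test that builds a BN from a Fixnum would guard this on LLP64 builds.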
@@ -154,8 +154,10 @@ ossl_bn_initialize(int argc, VALUE *argv https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L154
 
 	GetBN(self, bn);
 	if (!BN_bin2bn(bin, (int)sizeof(BDIGIT)*RBIGNUM_LENINT(str), bn)) {
+	    xfree(bin);
 	    ossl_raise(eBNError, NULL);
 	}
+	xfree(bin);
 	if (!RBIGNUM_SIGN(str)) BN_set_negative(bn, 1);
 	return self;
     }
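Review bot: `xfree(bin)` now appears twice around the `BN_bin2bn` call, once before `ossl_raise` and once after the `if`, so any exit added between them later would reintroduce the leak. Saving the result, freeing once and then raising gives a single release point, for example `ok = BN_bin2bn(...) != NULL; xfree(bin); if (!ok) ossl_raise(eBNError, NULL);`. If `bin` is allocated before `GetBN(self, bn)` (the allocation is outside this hunk) and `GetBN` can raise, that path would still leak; moving `GetBN` above the allocation would close it.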

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
