ruby-changes:40146
From: naruse <ko1@a...>
Date: Fri, 23 Oct 2015 01:54:15 +0900 (JST)
Subject: [ruby-changes:40146] naruse:r52227 (trunk): * ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error
naruse 2015-10-23 01:54:01 +0900 (Fri, 23 Oct 2015) New Revision: 52227 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=52227 Log: * ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error in ext/openssl instead of OpenSSL itself because LibreSSL silently truncate the selected protocol name by casting the length from int to unsigned char. [Bug #11369] Patch by Jeremy Evans <merch-redmine@j...> Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_ssl.c Index: ChangeLog =================================================================== --- ChangeLog (revision 52226) +++ ChangeLog (revision 52227) @@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Fri Oct 23 00:32:02 2015 NARUSE, Yui <naruse@r...> + + * ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error + in ext/openssl instead of OpenSSL itself because LibreSSL + silently truncate the selected protocol name by casting the length + from int to unsigned char. [Bug #11369] + Patch by Jeremy Evans <merch-redmine@j...> + Fri Oct 23 00:49:45 2015 Shugo Maeda <shugo@r...> * lib/un.rb (help): change the name of a block parameter to avoid Index: ext/openssl/ossl_ssl.c =================================================================== --- ext/openssl/ossl_ssl.c (revision 52226) +++ ext/openssl/ossl_ssl.c (revision 52227) @@ -599,9 +599,12 @@ ssl_npn_select_cb(SSL *s, unsigned char https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L599 selected = rb_funcall(cb, rb_intern("call"), 1, protocols); StringValue(selected); + i = RSTRING_LENINT(selected); + if (i < 1 || i >= 256) { + ossl_raise(eSSLError, "Selected protocol must have length 1..255"); + } *out = (unsigned char *) StringValuePtr(selected); - *outlen = RSTRING_LENINT(selected); - + *outlen = i; return SSL_TLSEXT_ERR_OK; } -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
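Review bot: the new ChangeLog entry carries the timestamp `Fri Oct 23 00:32:02 2015` yet is inserted at the top of the file, above the existing `Fri Oct 23 00:49:45 2015 Shugo Maeda` entry; since ChangeLog is kept newest-first, either the timestamp should be the actual commit time or the entry belongs below Shugo's. The wording copied from the log message also has a grammar slip: "LibreSSL silently truncate" should read "LibreSSL silently truncates".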
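Review bot: the guard `if (i < 1 || i >= 256)` is the right check to add before the assignment to `*outlen`, since the NPN select callback's `outlen` is an `unsigned char *` and a length of 256 or more would otherwise be stored truncated (the LibreSSL behaviour the log describes), while an empty selection cannot be encoded because NPN prefixes each protocol name with a single length byte. Two small points: the hunk reuses an `int i` whose declaration lies outside the visible context, and a dedicated name such as `len` would make the intent of the bounds check clearer; and `StringValuePtr(selected)` on the following line repeats the conversion that `StringValue(selected)` has already performed, so `RSTRING_PTR(selected)` would suffice there.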