ruby-changes:21298
From: kosaki <ko1@a...>
Date: Tue, 27 Sep 2011 13:06:18 +0900 (JST)
Subject: [ruby-changes:21298] kosaki:r33347 (ruby_1_9_3): merge revision(s) 33333:
kosaki 2011-09-27 13:06:02 +0900 (Tue, 27 Sep 2011) New Revision: 33347 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=33347 Log: merge revision(s) 33333: * ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when being fed arbitrary string values. Clearly distinguish between the cases "universal, infinite and not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly infinite". Raise error for universal tags that are not infinite. * test/openssl/test_asn1.rb: add a test for this. Thanks to Hiroshi Yoshida for reporting this bug. [Bug #5363] [ruby-dev:44542] Modified files: branches/ruby_1_9_3/ChangeLog branches/ruby_1_9_3/ext/openssl/ossl_asn1.c branches/ruby_1_9_3/test/openssl/test_asn1.rb branches/ruby_1_9_3/version.h Index: ruby_1_9_3/ChangeLog =================================================================== --- ruby_1_9_3/ChangeLog (revision 33346) +++ ruby_1_9_3/ChangeLog (revision 33347) @@ -1,3 +1,15 @@ +Tue Sep 27 13:05:39 2011 Martin Bosslet <Martin.Bosslet@g...> + + * ext/openssl/ossl_asn1.c: fix int_ossl_asn1_decode0_cons when being + fed arbitrary string values. + Clearly distinguish between the cases "universal, infinite and + not a SEQUENCE or SET" and "universal SEQUENCE or SET, possibly + infinite". Raise error for universal tags that are not infinite. + * test/openssl/test_asn1.rb: add a test for this. + + Thanks to Hiroshi Yoshida for reporting this bug. + [Bug #5363] [ruby-dev:44542] + Sat Sep 17 23:34:10 2011 Nobuyoshi Nakada <nobu@r...> * parse.y (parser_data_type): inherit the core type in ripper so Index: ruby_1_9_3/ext/openssl/ossl_asn1.c =================================================================== --- ruby_1_9_3/ext/openssl/ossl_asn1.c (revision 33346) +++ ruby_1_9_3/ext/openssl/ossl_asn1.c (revision 33347) @@ -877,13 +877,23 @@ } } - if (tc == sUNIVERSAL && (tag == V_ASN1_SEQUENCE || V_ASN1_SET)) { + if (tc == sUNIVERSAL) { VALUE args[4]; - VALUE klass = *ossl_asn1_info[tag].klass; - if (infinite && tag != V_ASN1_SEQUENCE && tag != V_ASN1_SET) { - asn1data = rb_obj_alloc(cASN1Constructive); + int not_sequence_or_set; + + not_sequence_or_set = tag != V_ASN1_SEQUENCE && tag != V_ASN1_SET; + + if (not_sequence_or_set) { + if (infinite) { + asn1data = rb_obj_alloc(cASN1Constructive); + } + else { + ossl_raise(eASN1Error, "invalid non-infinite tag"); + return Qnil; + } } else { + VALUE klass = *ossl_asn1_info[tag].klass; asn1data = rb_obj_alloc(klass); } args[0] = ary; Index: ruby_1_9_3/version.h =================================================================== --- ruby_1_9_3/version.h (revision 33346) +++ ruby_1_9_3/version.h (revision 33347) @@ -1,10 +1,10 @@ #define RUBY_VERSION "1.9.3" #define RUBY_PATCHLEVEL -1 -#define RUBY_RELEASE_DATE "2011-09-24" +#define RUBY_RELEASE_DATE "2011-09-27" #define RUBY_RELEASE_YEAR 2011 #define RUBY_RELEASE_MONTH 9 -#define RUBY_RELEASE_DAY 24 +#define RUBY_RELEASE_DAY 27 #include "ruby/version.h" Index: ruby_1_9_3/test/openssl/test_asn1.rb =================================================================== --- ruby_1_9_3/test/openssl/test_asn1.rb (revision 33346) +++ ruby_1_9_3/test/openssl/test_asn1.rb (revision 33347) @@ -204,6 +204,31 @@ end end + def test_decode_pem #should fail gracefully (cf. [ruby-dev:44542]) + pem = <<-_EOS_ +-----BEGIN CERTIFICATE----- +MIIC8zCCAdugAwIBAgIBATANBgkqhkiG9w0BAQUFADA9MRMwEQYKCZImiZPyLGQB +GRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVieS1sYW5nMQswCQYDVQQDDAJDQTAe +Fw0xMTA5MjUxMzQ4MjZaFw0xMTA5MjUxNDQ4MjZaMD0xEzARBgoJkiaJk/IsZAEZ +FgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5LWxhbmcxCzAJBgNVBAMMAkNBMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV9ht9J7k4NBs38jOXvvTKY9 +gW8nLICSno5EETR1cuF7i4pNs9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enen +fzq/t/e/1IRW0wkJUJUFQign4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWm +qbjs07JbuS4QQGGXLc+Su96DkYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v6 +8JkRFIhdGlb6JL8fllf/A/blNwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX +9KZYcU00mOX+fdxOSnGqS/8JDRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wID +AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAiAtrIr1pLX4GYN5klviWKb8HC9ICYuAFI +NfE3FwqzErEVXotuMe3yPVyB3Bv6rjYY/x5EtS5+WPTbHlvHZTkfcsnTpizcn4mW +dJ6dDRaFCHt1YKKjUxqBt9lvvrc3nReYZN/P+s1mrDhWzGf8iPZgf8sFUHgnaK7W +CXRVXmPFgCDRNpDDVQ0MQkr509yYfTH+dujNzqTCwSvkyZFyQ7Oe8Yj0VR6kquG3 +rEzBQ0F9dUyqQ9gyRg8KHhDfv9HzT1d/rnUZMkoombwYBRIUChGCYV0GnJcan2Zm +/93PnPG1IvPjYNd5VlV+sXSnaxQn974HRCsMv7jA8BD6IgSaX6WK +-----END CERTIFICATE----- + _EOS_ + assert_raise(OpenSSL::ASN1::ASN1Error) { OpenSSL::ASN1.decode(pem) } + assert_raise(OpenSSL::ASN1::ASN1Error) { OpenSSL::ASN1.decode_all(pem) } + end + def test_primitive_cannot_set_infinite_length begin prim = OpenSSL::ASN1::Integer.new(50) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/