ruby-changes:29572
From: usa <ko1@a...>
Date: Tue, 25 Jun 2013 21:41:05 +0900 (JST)
Subject: [ruby-changes:29572] usa:r41624 (ruby_1_9_3): merge revision(s) 41325: [Backport #8554]
usa 2013-06-25 21:40:50 +0900 (Tue, 25 Jun 2013) New Revision: 41624 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=41624 Log: merge revision(s) 41325: [Backport #8554] * gc.c: Fixup around GC by MALLOC. Add allocate size to malloc_increase before GC for updating limit in after_gc_sweep. Reset malloc_increase into garbage_collect() for preventing GC again soon. this backport patch is written by nari. Modified files: branches/ruby_1_9_3/ChangeLog branches/ruby_1_9_3/ext/openssl/lib/openssl/ssl-internal.rb branches/ruby_1_9_3/gc.c branches/ruby_1_9_3/test/openssl/test_ssl.rb branches/ruby_1_9_3/version.h Index: ruby_1_9_3/ChangeLog =================================================================== --- ruby_1_9_3/ChangeLog (revision 41623) +++ ruby_1_9_3/ChangeLog (revision 41624) @@ -1,3 +1,12 @@ https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/ChangeLog#L1 +Tue Jun 25 21:38:48 2013 NAKAMURA Usaku <usa@r...> + + * gc.c: Fixup around GC by MALLOC. + Add allocate size to malloc_increase before GC + for updating limit in after_gc_sweep. + Reset malloc_increase into garbage_collect() + for preventing GC again soon. + this backport patch is written by nari. + Wed Jun 5 12:38:14 2013 Nobuyoshi Nakada <nobu@r...> * win32/win32.c (setup_overlapped, finish_overlapped): extract from Index: ruby_1_9_3/gc.c =================================================================== --- ruby_1_9_3/gc.c (revision 41623) +++ ruby_1_9_3/gc.c (revision 41624) @@ -236,7 +236,7 @@ getrusage_time(void) https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/gc.c#L236 #define GC_PROF_SET_MALLOC_INFO do {\ if (objspace->profile.run) {\ gc_profile_record *record = &objspace->profile.record[objspace->profile.count];\ - record->allocate_increase = malloc_increase;\ + record->allocate_increase = malloc_increase + malloc_increase2;\ record->allocate_limit = malloc_limit; \ }\ } while(0) @@ -352,6 +352,7 @@ typedef struct rb_objspace { https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/gc.c#L352 struct { size_t limit; size_t increase; + size_t increase2; #if CALC_EXACT_MALLOC_SIZE size_t allocated_size; size_t allocations; @@ -405,6 +406,7 @@ int *ruby_initial_gc_stress_ptr = &rb_ob https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/gc.c#L406 #endif #define malloc_limit objspace->malloc_params.limit #define malloc_increase objspace->malloc_params.increase +#define malloc_increase2 objspace->malloc_params.increase2 #define heaps objspace->heap.ptr #define heaps_length objspace->heap.length #define heaps_used objspace->heap.used @@ -756,8 +758,9 @@ vm_malloc_prepare(rb_objspace_t *objspac https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/gc.c#L758 size += sizeof(size_t); #endif + malloc_increase += size; if ((ruby_gc_stress && !ruby_disable_gc_stress) || - (malloc_increase+size) > malloc_limit) { + malloc_increase > malloc_limit) { garbage_collect_with_gvl(objspace); } @@ -767,8 +770,6 @@ vm_malloc_prepare(rb_objspace_t *objspac https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/gc.c#L770 static inline void * vm_malloc_fixup(rb_objspace_t *objspace, void *mem, size_t size) { - malloc_increase += size; - #if CALC_EXACT_MALLOC_SIZE objspace->malloc_params.allocated_size += size; objspace->malloc_params.allocations++; @@ -2211,6 +2212,8 @@ before_gc_sweep(rb_objspace_t *objspace) https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/gc.c#L2212 objspace->heap.sweep_slots = heaps; objspace->heap.free_num = 0; + malloc_increase2 += ATOMIC_SIZE_EXCHANGE(malloc_increase,0); + /* sweep unlinked method entries */ if (GET_VM()->unlinked_method_entry_list) { rb_sweep_method_entry(GET_VM()); @@ -2227,11 +2230,12 @@ after_gc_sweep(rb_objspace_t *objspace) https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/gc.c#L2230 heaps_increment(objspace); } - if (malloc_increase > malloc_limit) { + if ((malloc_increase + malloc_increase2) > malloc_limit) { malloc_limit += (size_t)((malloc_increase - malloc_limit) * (double)objspace->heap.live_num / (heaps_used * HEAP_OBJ_LIMIT)); if (malloc_limit < initial_malloc_limit) malloc_limit = initial_malloc_limit; } malloc_increase = 0; + malloc_increase2 = 0; free_unused_heaps(objspace); } Index: ruby_1_9_3/ext/openssl/lib/openssl/ssl-internal.rb =================================================================== --- ruby_1_9_3/ext/openssl/lib/openssl/ssl-internal.rb (revision 41623) +++ ruby_1_9_3/ext/openssl/lib/openssl/ssl-internal.rb (revision 41624) @@ -88,14 +88,22 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/ext/openssl/lib/openssl/ssl-internal.rb#L88 should_verify_common_name = true cert.extensions.each{|ext| next if ext.oid != "subjectAltName" - ext.value.split(/,\s+/).each{|general_name| - if /\ADNS:(.*)/ =~ general_name + id, ostr = OpenSSL::ASN1.decode(ext.to_der).value + sequence = OpenSSL::ASN1.decode(ostr.value) + sequence.value.each{|san| + case san.tag + when 2 # dNSName in GeneralName (RFC5280) should_verify_common_name = false - reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") + reg = Regexp.escape(san.value).gsub(/\\\*/, "[^.]+") return true if /\A#{reg}\z/i =~ hostname - elsif /\AIP Address:(.*)/ =~ general_name + when 7 # iPAddress in GeneralName (RFC5280) should_verify_common_name = false - return true if $1 == hostname + # follows GENERAL_NAME_print() in x509v3/v3_alt.c + if san.value.size == 4 + return true if san.value.unpack('C*').join('.') == hostname + elsif san.value.size == 16 + return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname + end end } } Index: ruby_1_9_3/version.h =================================================================== --- ruby_1_9_3/version.h (revision 41623) +++ ruby_1_9_3/version.h (revision 41624) @@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/version.h#L1 #define RUBY_VERSION "1.9.3" -#define RUBY_PATCHLEVEL 433 +#define RUBY_PATCHLEVEL 434 -#define RUBY_RELEASE_DATE "2013-06-05" +#define RUBY_RELEASE_DATE "2013-06-25" #define RUBY_RELEASE_YEAR 2013 #define RUBY_RELEASE_MONTH 6 -#define RUBY_RELEASE_DAY 5 +#define RUBY_RELEASE_DAY 25 #include "ruby/version.h" Index: ruby_1_9_3/test/openssl/test_ssl.rb =================================================================== --- ruby_1_9_3/test/openssl/test_ssl.rb (revision 41623) +++ ruby_1_9_3/test/openssl/test_ssl.rb (revision 41624) @@ -351,6 +351,28 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/ruby_1_9_3/test/openssl/test_ssl.rb#L351 } end + def test_verify_certificate_identity + # creating NULL byte SAN certificate + ef = OpenSSL::X509::ExtensionFactory.new + cert = OpenSSL::X509::Certificate.new + cert.subject = OpenSSL::X509::Name.parse "/DC=some/DC=site/CN=Some Site" + ext = ef.create_ext('subjectAltName', 'DNS:placeholder,IP:192.168.7.1,IP:13::17') + ext_asn1 = OpenSSL::ASN1.decode(ext.to_der) + san_list_der = ext_asn1.value.reduce(nil) { |memo,val| val.tag == 4 ? val.value : memo } + san_list_asn1 = OpenSSL::ASN1.decode(san_list_der) + san_list_asn1.value[0].value = 'www.example.com\0.evil.com' + ext_asn1.value[1].value = san_list_asn1.to_der + real_ext = OpenSSL::X509::Extension.new ext_asn1 + cert.add_extension(real_ext) + + assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com')) + assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com\0.evil.com')) + assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.255')) + assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.1')) + assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17')) + assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13:0:0:0:0:0:0:17')) + end + def test_tlsext_hostname return unless OpenSSL::SSL::SSLSocket.instance_methods.include?(:hostname) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/