ruby-changes:30360
From: charliesome <ko1@a...>
Date: Thu, 8 Aug 2013 06:00:47 +0900 (JST)
Subject: [ruby-changes:30360] charliesome:r42429 (trunk): * test/openssl/test_ssl.rb: Fix test for CVE-2013-4073.
charliesome 2013-08-08 06:00:34 +0900 (Thu, 08 Aug 2013) New Revision: 42429 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=42429 Log: * test/openssl/test_ssl.rb: Fix test for CVE-2013-4073. Patch by Antonio Terceiro. [Bug #8750] [ruby-core:56437] Modified files: trunk/ChangeLog trunk/test/openssl/test_ssl.rb _______________________________________________ ruby-cvs mailing list ruby-cvs@r... http://lists.ruby-lang.org/cgi-bin/mailman/listinfo/ruby-cvs
Index: ChangeLog
===================================================================
--- ChangeLog (revision 42428)
+++ ChangeLog (revision 42429)
@@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Thu Aug 8 05:59:00 2013 Charlie Somerville <charliesome@r...>
+
+ * test/openssl/test_ssl.rb: Fix test for CVE-2013-4073.
+ Patch by Antonio Terceiro. [Bug #8750] [ruby-core:56437]
+
 Thu Aug 8 03:37:38 2013 Eric Hodel <drbrain@s...>
 * lib/webrick/httpresponse.rb: Allow #body to be an IO-like object
Index: test/openssl/test_ssl.rb
===================================================================
--- test/openssl/test_ssl.rb (revision 42428)
+++ test/openssl/test_ssl.rb (revision 42429)
@@ -341,7 +341,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L341
 [true, false].each do |criticality|
 cert = create_null_byte_SAN_certificate(criticality)
 assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com'))
- assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com\0.evil.com'))
+ assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, "www.example.com\0.evil.com"))
 assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.255'))
 assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.1'))
 assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17'))
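Review bot: The assertions around line 344 of test/openssl/test_ssl.rb still pass if the certificate helper and this hostname both slip back to single quotes, which is how the earlier version went green without ever putting a NUL byte in the subjectAltName. A negative counterpart next to the corrected line would catch that regression: `assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com\0.evil.com'))`, which should hold only when the fixture embeds a real 0x00 (as the second hunk appears to do). The same string literal is written once here and once in `create_null_byte_SAN_certificate`, so a shared constant would keep the two from drifting apart. The enclosing test method starts and ends outside the hunk.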
@@ -358,7 +358,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L358
 ext_asn1 = OpenSSL::ASN1.decode(ext.to_der)
 san_list_der = ext_asn1.value.reduce(nil) { |memo,val| val.tag == 4 ? val.value : memo }
 san_list_asn1 = OpenSSL::ASN1.decode(san_list_der)
- san_list_asn1.value[0].value = 'www.example.com\0.evil.com'
+ san_list_asn1.value[0].value = "www.example.com\0.evil.com"
 pos = critical ? 2 : 1
 ext_asn1.value[pos].value = san_list_asn1.to_der
 real_ext = OpenSSL::X509::Extension.new ext_asn1
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
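Review bot: The assignment to `san_list_asn1.value[0].value` needs a comment, because the quoting style is the only thing that makes this fixture exercise the CVE-2013-4073 case and nothing on the line says so. Something like `# Double quotes are required: "\0" is a real NUL byte; '\0' would be a backslash followed by the digit 0.` placed directly above it would stop a later style cleanup from silently turning the test vacuous again. It would also help to note in the helper's header comment that the SAN entry is patched at the ASN.1 level, presumably because the extension cannot be built with an embedded NUL through the usual API. The helper's definition starts and ends outside the hunk.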