ruby-changes:39507
From: nobu <ko1@a...>
Date: Sat, 15 Aug 2015 13:36:38 +0900 (JST)
Subject: [ruby-changes:39507] nobu:r51588 (trunk): ossl_ssl.c: check SSL method name
nobu 2015-08-15 13:34:29 +0900 (Sat, 15 Aug 2015) New Revision: 51588 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=51588 Log: ossl_ssl.c: check SSL method name * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version): SSL method name must not contain NUL. preserve the encoding of message. Modified files: trunk/ext/openssl/ossl_ssl.c trunk/test/openssl/test_ssl.rb Index: ext/openssl/ossl_ssl.c =================================================================== --- ext/openssl/ossl_ssl.c (revision 51587) +++ ext/openssl/ossl_ssl.c (revision 51588) @@ -180,7 +180,7 @@ ossl_sslctx_set_ssl_version(VALUE self, https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L180 SSL_CTX *ctx; if (RB_TYPE_P(ssl_method, T_SYMBOL)) m = rb_sym2str(ssl_method); - s = StringValuePtr(m); + s = StringValueCStr(m); for (i = 0; i < numberof(ossl_ssl_method_tab); i++) { if (strcmp(ossl_ssl_method_tab[i].name, s) == 0) { method = ossl_ssl_method_tab[i].func(); @@ -188,7 +188,7 @@ ossl_sslctx_set_ssl_version(VALUE self, https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L188 } } if (!method) { - ossl_raise(rb_eArgError, "unknown SSL method `%s'.", s); + ossl_raise(rb_eArgError, "unknown SSL method `%"PRIsVALUE"'.", m); } GetSSLCTX(self, ctx); if (SSL_CTX_set_ssl_version(ctx, method) != 1) { Index: test/openssl/test_ssl.rb =================================================================== --- test/openssl/test_ssl.rb (revision 51587) +++ test/openssl/test_ssl.rb (revision 51588) @@ -10,6 +10,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L10 assert_equal(ctx.setup, nil) end + def test_ctx_setup_invalid + m = OpenSSL::SSL::SSLContext::METHODS.first + assert_raise_with_message(ArgumentError, /null/) { + OpenSSL::SSL::SSLContext.new("#{m}\0") + } + assert_raise_with_message(ArgumentError, /\u{ff33 ff33 ff2c}/) { + OpenSSL::SSL::SSLContext.new("\u{ff33 ff33 ff2c}") + } + end + def test_options_defaults_to_OP_ALL ctx = OpenSSL::SSL::SSLContext.new assert_equal OpenSSL::SSL::OP_ALL, ctx.options -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/