ruby-changes:40693
From: nagachika <ko1@a...>
Date: Sat, 28 Nov 2015 06:24:39 +0900 (JST)
Subject: [ruby-changes:40693] nagachika:r52772 (ruby_2_2): merge revision(s) 52227, 52228: [Backport #11369]
nagachika 2015-11-28 06:24:30 +0900 (Sat, 28 Nov 2015) New Revision: 52772 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=52772 Log: merge revision(s) 52227,52228: [Backport #11369] * ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error in ext/openssl instead of OpenSSL itself because LibreSSL silently truncate the selected protocol name by casting the length from int to unsigned char. [Bug #11369] Patch by Jeremy Evans <merch-redmine@j...> Modified directories: branches/ruby_2_2/ Modified files: branches/ruby_2_2/ChangeLog branches/ruby_2_2/ext/openssl/ossl_ssl.c branches/ruby_2_2/version.h Index: ruby_2_2/ChangeLog =================================================================== --- ruby_2_2/ChangeLog (revision 52771) +++ ruby_2_2/ChangeLog (revision 52772) @@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ChangeLog#L1 +Sat Nov 28 06:12:32 2015 NARUSE, Yui <naruse@r...> + + * ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error + in ext/openssl instead of OpenSSL itself because LibreSSL + silently truncate the selected protocol name by casting the length + from int to unsigned char. [Bug #11369] + Patch by Jeremy Evans <merch-redmine@j...> + Sat Nov 28 05:50:58 2015 Nobuyoshi Nakada <nobu@r...> * vm_eval.c (send_internal): set method_missing_reason before Index: ruby_2_2/ext/openssl/ossl_ssl.c =================================================================== --- ruby_2_2/ext/openssl/ossl_ssl.c (revision 52771) +++ ruby_2_2/ext/openssl/ossl_ssl.c (revision 52772) @@ -622,29 +622,48 @@ ssl_npn_advertise_cb(SSL *ssl, const uns https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ext/openssl/ossl_ssl.c#L622 } static int -ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) +ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen) { - int i = 0; - VALUE sslctx_obj, cb, protocols, selected; - - sslctx_obj = (VALUE) arg; - cb = rb_iv_get(sslctx_obj, "@npn_select_cb"); - protocols = rb_ary_new(); + VALUE selected; + long len; + unsigned char l; + VALUE protocols = rb_ary_new(); /* The format is len_1|proto_1|...|len_n|proto_n\0 */ - while (in[i]) { - VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]); + while (l = *in++) { + VALUE protocol; + if (l > inlen) { + ossl_raise(eSSLError, "Invalid protocol name list"); + } + protocol = rb_str_new((const char *)in, l); rb_ary_push(protocols, protocol); - i += in[i] + 1; + in += l; + inlen -= l; } selected = rb_funcall(cb, rb_intern("call"), 1, protocols); StringValue(selected); - *out = (unsigned char *) StringValuePtr(selected); - *outlen = RSTRING_LENINT(selected); + len = RSTRING_LEN(selected); + if (len < 1 || len >= 256) { + ossl_raise(eSSLError, "Selected protocol name must have length 1..255"); + } + *out = (unsigned char *)RSTRING_PTR(selected); + *outlen = (unsigned char)len; return SSL_TLSEXT_ERR_OK; } + +static int +ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) +{ + VALUE sslctx_obj, cb; + + sslctx_obj = (VALUE) arg; + cb = rb_iv_get(sslctx_obj, "@npn_select_cb"); + + return ssl_npn_select_cb_common(cb, (const unsigned char **)out, outlen, in, inlen); +} + #endif /* This function may serve as the entry point to support further Index: ruby_2_2/version.h =================================================================== --- ruby_2_2/version.h (revision 52771) +++ ruby_2_2/version.h (revision 52772) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/version.h#L1 #define RUBY_VERSION "2.2.4" #define RUBY_RELEASE_DATE "2015-11-28" -#define RUBY_PATCHLEVEL 204 +#define RUBY_PATCHLEVEL 205 #define RUBY_RELEASE_YEAR 2015 #define RUBY_RELEASE_MONTH 11 Property changes on: ruby_2_2 ___________________________________________________________________ Modified: svn:mergeinfo Merged /trunk:r52227-52228 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/