ruby-changes:40985
From: naruse <ko1@a...>
Date: Sun, 13 Dec 2015 10:30:06 +0900 (JST)
Subject: [ruby-changes:40985] naruse:r53064 (trunk): * ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing
naruse 2015-12-13 10:29:44 +0900 (Sun, 13 Dec 2015) New Revision: 53064 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=53064 Log: * ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing protocol list. The protocol list from OpenSSL is not null-terminated. patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_ssl.c Index: ChangeLog =================================================================== --- ChangeLog (revision 53063) +++ ChangeLog (revision 53064) @@ -1,3 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Sun Dec 13 10:26:47 2015 NARUSE, Yui <naruse@r...> + + * ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing + protocol list. + The protocol list from OpenSSL is not null-terminated. + patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] + Sun Dec 13 06:40:30 2015 Marc-Andre Lafortune <ruby-core@m...> * lib/ostruct.rb: Have OpenStruct#dig raise if argument is not a Index: ext/openssl/ossl_ssl.c =================================================================== --- ext/openssl/ossl_ssl.c (revision 53063) +++ ext/openssl/ossl_ssl.c (revision 53064) @@ -585,19 +585,16 @@ ssl_npn_select_cb_common(VALUE cb, const https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L585 { VALUE selected; long len; - unsigned char l; VALUE protocols = rb_ary_new(); + unsigned char l; + const unsigned char *in_end = in + inlen; - /* The format is len_1|proto_1|...|len_n|proto_n\0 */ - while ((l = *in++) != '\0') { - VALUE protocol; - if (l > inlen) { - ossl_raise(eSSLError, "Invalid protocol name list"); - } - protocol = rb_str_new((const char *)in, l); - rb_ary_push(protocols, protocol); + /* assume OpenSSL verifies this format */ + /* The format is len_1|proto_1|...|len_n|proto_n */ + while (in < in_end) { + l = *in++; + rb_ary_push(protocols, rb_str_new((const char *)in, l)); in += l; - inlen -= l; } selected = rb_funcall(cb, rb_intern("call"), 1, protocols); -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/