ruby-changes:42983
From: rhe <ko1@a...>
Date: Wed, 18 May 2016 16:59:12 +0900 (JST)
Subject: [ruby-changes:42983] rhe:r55057 (trunk): openssl: fix OpenSSL error queue leak in OpenSSL::PKCS12.new
rhe 2016-05-18 16:59:09 +0900 (Wed, 18 May 2016) New Revision: 55057 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55057 Log: openssl: fix OpenSSL error queue leak in OpenSSL::PKCS12.new * ext/openssl/ossl_pkcs12.c (ossl_pkcs12_initialize): pop errors leaked by PKCS12_parse(). This is a bug in OpenSSL, which exists in the versions before the version 1.0.0t, 1.0.1p, 1.0.2d. Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_pkcs12.c Index: ext/openssl/ossl_pkcs12.c =================================================================== --- ext/openssl/ossl_pkcs12.c (revision 55056) +++ ext/openssl/ossl_pkcs12.c (revision 55057) @@ -165,8 +165,12 @@ ossl_pkcs12_initialize(int argc, VALUE * https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkcs12.c#L165 BIO_free(in); pkey = cert = ca = Qnil; + /* OpenSSL's bug; PKCS12_parse() puts errors even if it succeeds. + * Fixed in OpenSSL 1.0.0t, 1.0.1p, 1.0.2d */ + ERR_set_mark(); if(!PKCS12_parse(pkcs, passphrase, &key, &x509, &x509s)) ossl_raise(ePKCS12Error, "PKCS12_parse"); + ERR_pop_to_mark(); pkey = rb_protect((VALUE(*)_((VALUE)))ossl_pkey_new, (VALUE)key, &st); /* NO DUP */ if(st) goto err; Index: ChangeLog =================================================================== --- ChangeLog (revision 55056) +++ ChangeLog (revision 55057) @@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Wed May 18 16:52:03 2016 Kazuki Yamaguchi <k@r...> + + * ext/openssl/ossl_pkcs12.c (ossl_pkcs12_initialize): pop errors + leaked by PKCS12_parse(). This is a bug in OpenSSL, which exists + in the versions before the version 1.0.0t, 1.0.1p, 1.0.2d. + Wed May 18 16:04:54 2016 Nobuyoshi Nakada <nobu@r...> * tool/downloader.rb (Downloader::RubyGems.download): verify gems -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
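Review bot: in the ext/openssl/ossl_pkcs12.c hunk, ERR_pop_to_mark() is placed after the PKCS12_parse() failure check, so it only runs on the success path; when PKCS12_parse() returns 0, ossl_raise(ePKCS12Error, "PKCS12_parse") is entered with the mark from ERR_set_mark() still set on the queue. That is only correct if ossl_raise() itself drains or clears the error queue, which these lines do not show, so the comment should state that the failure path relies on ossl_raise() for cleanup (and that the queued errors are deliberately kept there so the exception can report them). Since the comment already names the fixed releases (1.0.0t, 1.0.1p, 1.0.2d), it would also help to note that the mark/pop pair is a workaround that can be removed once older OpenSSL versions are no longer supported.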