ruby-changes:42997
From: rhe <ko1@a...>
Date: Thu, 19 May 2016 13:13:02 +0900 (JST)
Subject: [ruby-changes:42997] rhe:r55071 (trunk): openssl: check argument type in OpenSSL::X509::Attribute#value=
rhe 2016-05-19 13:12:57 +0900 (Thu, 19 May 2016) New Revision: 55071 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55071 Log: openssl: check argument type in OpenSSL::X509::Attribute#value= * ext/openssl/ossl_x509attr.c (ossl_x509attr_set_value): check that the argument is an OpenSSL::ASN1::Data before converting to ASN1_TYPE. This fixes SEGV on OpenSSL::X509::Attribute#value=(non-asn1-value). * test/openssl/test_x509attr.rb: add tests for OpenSSL::X509::Attribute. Added files: trunk/test/openssl/test_x509attr.rb Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_x509attr.c Index: ext/openssl/ossl_x509attr.c =================================================================== --- ext/openssl/ossl_x509attr.c (revision 55070) +++ ext/openssl/ossl_x509attr.c (revision 55071) @@ -196,6 +196,7 @@ ossl_x509attr_set_value(VALUE self, VALU https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509attr.c#L196 X509_ATTRIBUTE *attr; ASN1_TYPE *a1type; + OSSL_Check_Kind(value, cASN1Data); if(!(a1type = ossl_asn1_get_asn1type(value))) ossl_raise(eASN1Error, "could not get ASN1_TYPE"); if(ASN1_TYPE_get(a1type) == V_ASN1_SEQUENCE){ Index: test/openssl/test_x509attr.rb =================================================================== --- test/openssl/test_x509attr.rb (revision 0) +++ test/openssl/test_x509attr.rb (revision 55071) @@ -0,0 +1,56 @@ https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509attr.rb#L1 +# frozen_string_literal: false +require_relative "utils" + +if defined?(OpenSSL::TestUtils) + +class OpenSSL::TestX509Attribute < OpenSSL::TestCase + def test_new + ef = OpenSSL::X509::ExtensionFactory.new + val = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([ + ef.create_extension("keyUsage", "keyCertSign", true) + ])]) + attr = OpenSSL::X509::Attribute.new("extReq", val) + assert_equal("extReq", attr.oid) + assert_equal(val.to_der, attr.value.to_der) + end + + def test_from_der + # oid: challengePassword, values: Set[UTF8String<"abc123">] + test_der = "\x30\x15\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x07\x31\x08" \ + "\x0c\x06\x61\x62\x63\x31\x32\x33".b + attr = OpenSSL::X509::Attribute.new(test_der) + assert_equal(test_der, attr.to_der) + assert_equal("challengePassword", attr.oid) + assert_equal("abc123", attr.value.value[0].value) + end + + def test_to_der + ef = OpenSSL::X509::ExtensionFactory.new + val = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([ + ef.create_extension("keyUsage", "keyCertSign", true) + ])]) + attr = OpenSSL::X509::Attribute.new("extReq", val) + expected = OpenSSL::ASN1::Sequence.new([ + OpenSSL::ASN1::ObjectId.new("extReq"), + val + ]) + assert_equal(expected.to_der, attr.to_der) + end + + def test_invalid_value + # should not change the original value + test_der = "\x30\x15\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x07\x31\x08" \ + "\x0c\x06\x61\x62\x63\x31\x32\x33".b + attr = OpenSSL::X509::Attribute.new(test_der) + assert_raise(TypeError) { + attr.value = "1234" + } + assert_equal(test_der, attr.to_der) + assert_raise(OpenSSL::X509::AttributeError) { + attr.oid = "abc123" + } + assert_equal(test_der, attr.to_der) + end +end + +end Index: ChangeLog =================================================================== --- ChangeLog (revision 55070) +++ ChangeLog (revision 55071) @@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Thu May 19 13:11:35 2016 Kazuki Yamaguchi <k@r...> + + * ext/openssl/ossl_x509attr.c (ossl_x509attr_set_value): check that the + argument is an OpenSSL::ASN1::Data before converting to ASN1_TYPE. + This fixes SEGV on OpenSSL::X509::Attribute#value=(non-asn1-value). + + * test/openssl/test_x509attr.rb: add tests for OpenSSL::X509::Attribute. + Thu May 19 12:10:10 2016 Nobuyoshi Nakada <nobu@r...> * re.c (rb_reg_match_m_p): fix match against empty string. -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/