ruby-changes:55290
From: mame <ko1@a...>
Date: Wed, 10 Apr 2019 17:03:55 +0900 (JST)
Subject: [ruby-changes:55290] mame:r67497 (trunk): ext/openssl/ossl_bn.c (ossl_bn_initialize): get rid of SEGV
mame 2019-04-10 17:03:47 +0900 (Wed, 10 Apr 2019) New Revision: 67497 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=67497 Log: ext/openssl/ossl_bn.c (ossl_bn_initialize): get rid of SEGV OpenSSL::BN.new(nil, 2) dumped core. [ruby-core:92231] [Bug #15760] Modified files: trunk/ext/openssl/ossl_bn.c trunk/test/openssl/test_bn.rb
Index: test/openssl/test_bn.rb
===================================================================
--- test/openssl/test_bn.rb (revision 67496)
+++ test/openssl/test_bn.rb (revision 67497)
@@ -272,6 +272,11 @@ class OpenSSL::TestBN < OpenSSL::TestCas https://github.com/ruby/ruby/blob/trunk/test/openssl/test_bn.rb#L272
 assert_equal(0, @e1.ucmp(-999))
 assert_instance_of(String, @e1.hash.to_s)
 end
+
+ def test_type_error
+ bug15760 = '[ruby-core:92231] [Bug #15760]'
+ assert_raise(TypeError, bug15760) { OpenSSL::BN.new(nil, 2) }
+ end
 end
 end
Index: ext/openssl/ossl_bn.c
===================================================================
--- ext/openssl/ossl_bn.c (revision 67496)
+++ ext/openssl/ossl_bn.c (revision 67497)
@@ -187,6 +187,7 @@ ossl_bn_initialize(int argc, VALUE *argv https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L187
 BIGNUM *bn;
 VALUE str, bs;
 int base = 10;
+ char *ptr;
 if (rb_scan_args(argc, argv, "11", &str, &bs) == 2) {
 base = NUM2INT(bs);
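Review bot: `test_type_error` in test/openssl/test_bn.rb exercises only base 2, while the C change in this commit patches both the `case 0` (`BN_mpi2bn`) and `case 2` (`BN_bin2bn`) branches of `ossl_bn_initialize`. A regression in the base-0 branch would go unnoticed; adding `assert_raise(TypeError, bug15760) { OpenSSL::BN.new(nil, 0) }` inside the same test would cover it. The branches for the other bases are not visible in this diff, so it is worth checking whether they deserve the same assertion.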
@@ -213,12 +214,14 @@ ossl_bn_initialize(int argc, VALUE *argv https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L214
 GetBN(self, bn);
 switch (base) {
 case 0:
- if (!BN_mpi2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
+ ptr = StringValuePtr(str);
+ if (!BN_mpi2bn((unsigned char *)ptr, RSTRING_LENINT(str), bn)) {
 ossl_raise(eBNError, NULL);
 }
 break;
 case 2:
- if (!BN_bin2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
+ ptr = StringValuePtr(str);
+ if (!BN_bin2bn((unsigned char *)ptr, RSTRING_LENINT(str), bn)) {
 ossl_raise(eBNError, NULL);
 }
 break;
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
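Review bot: Nothing in the `case 0` and `case 2` branches records why `StringValuePtr(str)` now gets its own statement, so a later cleanup could fold it back into the call and reintroduce the crash. C leaves the evaluation order of function arguments unspecified, so in the old form `RSTRING_LENINT(str)` could presumably read `str` before `StringValuePtr` had type-checked it, which fits the reported core dump on `nil`. I would add `/* StringValuePtr() must run before RSTRING_LENINT(): it raises TypeError for non-strings */` above each `ptr = StringValuePtr(str);` assignment. The switch continues outside the hunk, so whether the remaining bases need the same ordering cannot be told from here.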