ruby-changes:74035
From: Nobuhiro <ko1@a...>
Date: Mon, 17 Oct 2022 16:43:21 +0900 (JST)
Subject: [ruby-changes:74035] a98096349e (master): [ruby/openssl] Check if the option is an Hash in `pkey_ctx_apply_options0()`
https://git.ruby-lang.org/ruby.git/commit/?id=a98096349e From a98096349ec7280edabf3822d2c6932ac6e63634 Mon Sep 17 00:00:00 2001 From: Nobuhiro IMAI <nov@y...> Date: Fri, 5 Aug 2022 18:42:06 +0900 Subject: [ruby/openssl] Check if the option is an Hash in `pkey_ctx_apply_options0()` causes SEGV if it is an Array or something like that. https://github.com/ruby/openssl/commit/ef23525210 --- ext/openssl/ossl_pkey.c | 1 + test/openssl/test_pkey_rsa.rb | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 24d0da4683..0dafa6dc71 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -200,6 +200,7 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L200 pkey_ctx_apply_options0(VALUE args_v) { VALUE *args = (VALUE *)args_v; + Check_Type(args[1], T_HASH); rb_block_call(args[1], rb_intern("each"), 0, NULL, pkey_ctx_apply_options_i, args[0]); diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb index 4bb39ed4a6..fa84b76f4b 100644 --- a/test/openssl/test_pkey_rsa.rb +++ b/test/openssl/test_pkey_rsa.rb @@ -108,6 +108,11 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_rsa.rb#L108 salt_length: 20, mgf1_hash: "SHA1") # Defaults to PKCS #1 v1.5 padding => verification failure assert_equal false, key.verify("SHA256", sig_pss, data) + + # option type check + assert_raise_with_message(TypeError, /expected Hash/) { + key.sign("SHA256", data, ["x"]) + } end def test_sign_verify_raw -- cgit v1.2.3 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/