* Further checking (Check_SafeStr, memory leaks)

author: Michal Rokos <m.rokos@sh.cvut.cz> 2002-01-04 11:12:22 +0000
committer: Michal Rokos <m.rokos@sh.cvut.cz> 2002-01-04 11:12:22 +0000
commit: 30c7790a512172b5254775fbad8f601d5638c1e6 (patch)
tree: 39a0ceb2db8fcd07e8b82bc107e5cc2a05df9d24 /ossl_x509crl.c
parent: 99d5a24aa57c9eb4ac792a36e0947dc5df84fe8c (diff)
download: ruby-openssl-history-30c7790a512172b5254775fbad8f601d5638c1e6.tar.gz
1 files changed, 34 insertions, 23 deletions
diff --git a/ossl_x509crl.c b/ossl_x509crl.c
index 4025b1c..ba4e430 100644
--- a/ossl_x509crl.c
+++ b/ossl_x509crl.c
@@ -95,6 +95,7 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
 			crl = X509_CRL_new();
 			break;
 		case T_STRING:
+			Check_SafeStr(buffer);
 			if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, -1))) {
 				rb_raise(eX509CRLError, "%s", ossl_error());
 			}
@@ -150,7 +151,6 @@ static VALUE
 ossl_x509crl_get_issuer(VALUE self)
 {
 	ossl_x509crl *crlp = NULL;
-	X509_NAME *name = NULL;
 	
 	GetX509CRL(self, crlp);
 	
@@ -168,7 +168,8 @@ ossl_x509crl_set_issuer(VALUE self, VALUE issuer)
 	OSSL_Check_Type(issuer, cX509Name);
 	name = ossl_x509name_get_X509_NAME(issuer);
 	
-	if (!X509_NAME_set(&(crlp->crl->crl->issuer), name)) {
+	if (!X509_NAME_set(&(crlp->crl->crl->issuer), name)) { /* DUPs name - FREE it */
+		X509_NAME_free(name);
 		rb_raise(eX509CRLError, "%s", ossl_error());
 	}
 	X509_NAME_free(name);
@@ -243,7 +244,8 @@ ossl_x509crl_get_revoked(VALUE self)
 {
 	ossl_x509crl *crlp = NULL;
 	int i, num = 0;
-	VALUE ary;
+	X509_REVOKED *rev = NULL;
+	VALUE ary, revoked;
 
 	GetX509CRL(self, crlp);
 
@@ -255,7 +257,9 @@ ossl_x509crl_get_revoked(VALUE self)
 	ary = rb_ary_new2(num);
 
 	for(i=0; i<num; i++) {
-		rb_ary_push(ary, ossl_x509revoked_new((X509_REVOKED *)sk_X509_CRL_value(crlp->crl->crl->revoked, i)));
+		rev = (X509_REVOKED *)sk_X509_CRL_value(crlp->crl->crl->revoked, i); /* NO DUP - don't free! */
+		revoked = ossl_x509revoked_new(rev);
+		rb_ary_push(ary, revoked);
 	}
 
 	return ary;
@@ -267,22 +271,22 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
 	ossl_x509crl *crlp = NULL;
 	X509_REVOKED *rev = NULL;
 	int i;
-	VALUE item;
 
 	GetX509CRL(self, crlp);
 
 	Check_Type(ary, T_ARRAY);
-
+	for (i=0; i<RARRAY(ary)->len; i++) { /* All ary members should be X509 Revoked */
+		OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Revoked);
+	}
+	
 	sk_X509_REVOKED_pop_free(crlp->crl->crl->revoked, X509_REVOKED_free);
 	crlp->crl->crl->revoked = NULL;
 	M_ASN1_New(crlp->crl->crl->revoked, sk_X509_REVOKED_new_null);
 	
 	for (i=0; i<RARRAY(ary)->len; i++) {
-		item = RARRAY(ary)->ptr[i];
-		OSSL_Check_Type(item, cX509Revoked);
-		rev = ossl_x509revoked_get_X509_REVOKED(item);
+		rev = ossl_x509revoked_get_X509_REVOKED(RARRAY(ary)->ptr[i]);
 
-		if (!sk_X509_CRL_push(crlp->crl->crl->revoked, rev)) {
+		if (!sk_X509_CRL_push(crlp->crl->crl->revoked, rev)) { /* NO DUP - don't free! */
 			rb_raise(eX509CRLError, "%s", ossl_error());
 		}
 	}
@@ -302,7 +306,7 @@ ossl_x509crl_add_revoked(VALUE self, VALUE revoked)
 	OSSL_Check_Type(revoked, cX509Revoked);
 	rev = ossl_x509revoked_get_X509_REVOKED(revoked);
 
-	if (!sk_X509_CRL_push(crlp->crl->crl->revoked, rev)) {
+	if (!sk_X509_CRL_push(crlp->crl->crl->revoked, rev)) { /* NO DUP - don't free! */
 		rb_raise(eX509CRLError, "%s", ossl_error());
 	}
 	sk_X509_REVOKED_sort(crlp->crl->crl->revoked);
@@ -348,7 +352,6 @@ ossl_x509crl_verify(VALUE self, VALUE key)
 	GetX509CRL(self, crlp);
 
 	OSSL_Check_Type(key, cPKey);
-	
 	pkey = ossl_pkey_get_EVP_PKEY(key);
 
 	result = X509_CRL_verify(crlp->crl, pkey);
@@ -405,6 +408,7 @@ ossl_x509crl_to_str(VALUE self)
 	
 	return str;
 }
+
 /*
  * Gets X509v3 extensions as array of X509Ext objects
  */
@@ -426,7 +430,7 @@ ossl_x509crl_get_extensions(VALUE self)
 		return rb_ary_new();
 
 	for (i=0; i<count; i++) {
-		ext = X509_CRL_get_ext(crlp->crl, i);
+		ext = X509_CRL_get_ext(crlp->crl, i); /* NO DUP - don't free! */
 		rb_ary_push(ary, ossl_x509ext_new(ext));
 	}
 	
@@ -442,41 +446,48 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
 	ossl_x509crl *crlp = NULL;
 	X509_EXTENSION *ext = NULL;
 	int i = 0;
-	VALUE item;
 	
 	GetX509CRL(self, crlp);
 
 	Check_Type(ary, T_ARRAY);
+	for (i=0; i<RARRAY(ary)->len; i++) { /* All ary members should be X509 Extensions */
+		OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Extension);
+	}
 
 	sk_X509_EXTENSION_pop_free(crlp->crl->crl->extensions, X509_EXTENSION_free);
 	crlp->crl->crl->extensions = NULL;
 
 	for (i=0; i<RARRAY(ary)->len; i++) {
-		item = RARRAY(ary)->ptr[i];
-		OSSL_Check_Type(item, cX509Extension);
-		ext = ossl_x509ext_get_X509_EXTENSION(item);
-		if(!X509_CRL_add_ext(crlp->crl, ext, -1)) {
+		ext = ossl_x509ext_get_X509_EXTENSION(RARRAY(ary)->ptr[i]);
+
+		if(!X509_CRL_add_ext(crlp->crl, ext, -1)) { /* DUPs ext - FREE it */
+			X509_EXTENSION_free(ext);
 			rb_raise(eX509CRLError, "%s", ossl_error());
 		}
+		X509_EXTENSION_free(ext);
 	}
 
 	return ary;
 }
 
 static VALUE 
-ossl_x509crl_add_extension(VALUE self, VALUE ext)
+ossl_x509crl_add_extension(VALUE self, VALUE extension)
 {
 	ossl_x509crl *crlp = NULL;
+	X509_EXTENSION *ext = NULL;
 
 	GetX509CRL(self, crlp);
 
-	OSSL_Check_Type(ext, cX509Extension);
-
-	if(!X509_CRL_add_ext(crlp->crl, ossl_x509ext_get_X509_EXTENSION(ext), -1)) {
+	OSSL_Check_Type(extension, cX509Extension);
+	ext = ossl_x509ext_get_X509_EXTENSION(extension);
+	
+	if(!X509_CRL_add_ext(crlp->crl, ext, -1)) { /* DUPs ext - FREE it */
+		X509_EXTENSION_free(ext);
 		rb_raise(eX509CRLError, "%s", ossl_error());
 	}
+	X509_EXTENSION_free(ext);
 
-	return ext;
+	return extension;
 }
 
 /*
author	Michal Rokos <m.rokos@sh.cvut.cz>	2002-01-04 11:12:22 +0000
committer	Michal Rokos <m.rokos@sh.cvut.cz>	2002-01-04 11:12:22 +0000
commit	30c7790a512172b5254775fbad8f601d5638c1e6 (patch)
tree	39a0ceb2db8fcd07e8b82bc107e5cc2a05df9d24 /ossl_x509crl.c
parent	99d5a24aa57c9eb4ac792a36e0947dc5df84fe8c (diff)
download	ruby-openssl-history-30c7790a512172b5254775fbad8f601d5638c1e6.tar.gz