pkey: fix possible memory leak in PKey#verify

Fix a possible memory leak that happens when the given signature is too long for int. Check that the signature length can be represented in int before allocating EVP_MD_CTX.
author: Kazuki Yamaguchi <k@rhe.jp> 2016-10-15 15:46:04 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2016-10-15 15:46:04 +0900
commit: e9deede7aef43ee6079571638faf973f7fc67d32 (patch)
tree: 554caf30bf163ce2b93bf8c62f5775e50b244382
parent: 0032f23637ddcaa3f749cc53ad625a67ce455fb1 (diff)
download: ruby-openssl-e9deede7aef43ee6079571638faf973f7fc67d32.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index 9a94a465..70b97fc9 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -352,12 +352,13 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
     EVP_PKEY *pkey;
     const EVP_MD *md;
     EVP_MD_CTX *ctx;
-    int result;
+    int siglen, result;
 
     GetPKey(self, pkey);
     pkey_check_public_key(pkey);
     md = GetDigestPtr(digest);
     StringValue(sig);
+    siglen = RSTRING_LENINT(sig);
     StringValue(data);
 
     ctx = EVP_MD_CTX_new();
@@ -371,7 +372,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
 	EVP_MD_CTX_free(ctx);
 	ossl_raise(ePKeyError, "EVP_VerifyUpdate");
     }
-    result = EVP_VerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey);
+    result = EVP_VerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig), siglen, pkey);
     EVP_MD_CTX_free(ctx);
     switch (result) {
     case 0:
author	Kazuki Yamaguchi <k@rhe.jp>	2016-10-15 15:46:04 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2016-10-15 15:46:04 +0900
commit	e9deede7aef43ee6079571638faf973f7fc67d32 (patch)
tree	554caf30bf163ce2b93bf8c62f5775e50b244382
parent	0032f23637ddcaa3f749cc53ad625a67ce455fb1 (diff)
download	ruby-openssl-e9deede7aef43ee6079571638faf973f7fc67d32.tar.gz