diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-10-15 15:46:04 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-10-15 15:46:04 +0900 |
commit | e9deede7aef43ee6079571638faf973f7fc67d32 (patch) | |
tree | 554caf30bf163ce2b93bf8c62f5775e50b244382 | |
parent | 0032f23637ddcaa3f749cc53ad625a67ce455fb1 (diff) | |
download | ruby-openssl-e9deede7aef43ee6079571638faf973f7fc67d32.tar.gz |
pkey: fix possible memory leak in PKey#verify
Fix a possible memory leak that happens when the given signature is too
long for int. Check that the signature length can be represented in int
before allocating EVP_MD_CTX.
-rw-r--r-- | ext/openssl/ossl_pkey.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 9a94a465..70b97fc9 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -352,12 +352,13 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data) EVP_PKEY *pkey; const EVP_MD *md; EVP_MD_CTX *ctx; - int result; + int siglen, result; GetPKey(self, pkey); pkey_check_public_key(pkey); md = GetDigestPtr(digest); StringValue(sig); + siglen = RSTRING_LENINT(sig); StringValue(data); ctx = EVP_MD_CTX_new(); @@ -371,7 +372,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data) EVP_MD_CTX_free(ctx); ossl_raise(ePKeyError, "EVP_VerifyUpdate"); } - result = EVP_VerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey); + result = EVP_VerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig), siglen, pkey); EVP_MD_CTX_free(ctx); switch (result) { case 0: |