diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2017-08-30 17:25:22 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-09-02 18:48:53 +0900 |
| commit | fb7fe81e8bdf71087c067ccf42cfab81bc7bd362 (patch) | |
| tree | fdf1abb48e8a2cbc953fa5ad2aca227dac93f0c1 | |
| parent | a98152afa41685f92ad867576cb44bda36b228d6 (diff) | |
| download | ruby-openssl-fb7fe81e8bdf71087c067ccf42cfab81bc7bd362.tar.gz | |
ssl: ensure that SSL option flags are non-negative
SSL_CTX_{get,set,clear}_options() are made separate functions and they
now treat flags as unsigned long. Fix possible RangeError on platforms
with sizeof(long)==4.
| -rw-r--r-- | ext/openssl/ossl_ssl.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 828e934d..350b3c1d 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -727,7 +727,11 @@ ossl_sslctx_get_options(VALUE self) { SSL_CTX *ctx; GetSSLCTX(self, ctx); - return LONG2NUM(SSL_CTX_get_options(ctx)); + /* + * Do explicit cast because SSL_CTX_get_options() returned (signed) long in + * OpenSSL before 1.1.0. + */ + return ULONG2NUM((unsigned long)SSL_CTX_get_options(ctx)); } /* @@ -746,7 +750,7 @@ ossl_sslctx_set_options(VALUE self, VALUE options) if (NIL_P(options)) { SSL_CTX_set_options(ctx, SSL_OP_ALL); } else { - SSL_CTX_set_options(ctx, NUM2LONG(options)); + SSL_CTX_set_options(ctx, NUM2ULONG(options)); } return self; @@ -2661,7 +2665,7 @@ Init_ossl_ssl(void) # endif #endif -#define ossl_ssl_def_const(x) rb_define_const(mSSL, #x, LONG2NUM(SSL_##x)) +#define ossl_ssl_def_const(x) rb_define_const(mSSL, #x, ULONG2NUM(SSL_##x)) ossl_ssl_def_const(VERIFY_NONE); ossl_ssl_def_const(VERIFY_PEER); |