diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2021-09-27 12:18:58 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-27 12:18:58 +0900 |
commit | 8a6d375a3c60358c798e013e612955241974856c (patch) | |
tree | 7268b64059deb7f361cf0714e8ca7406a9ae08ad | |
parent | 52c4d987c381fdbb6478af70cf881adaa9d08e2a (diff) | |
parent | b29e215786ddd389a7baf75899965dc9b4516e3e (diff) | |
download | ruby-openssl-8a6d375a3c60358c798e013e612955241974856c.tar.gz |
Merge pull request #407 from no6v/fix-timestamp-segv
fix segv in Timestamp::{Request,Response,TokenInfo}.new
-rw-r--r-- | ext/openssl/ossl_ts.c | 12 | ||||
-rw-r--r-- | test/openssl/test_ts.rb | 18 |
2 files changed, 27 insertions, 3 deletions
diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c index c90ed808..76116374 100644 --- a/ext/openssl/ossl_ts.c +++ b/ext/openssl/ossl_ts.c @@ -205,8 +205,10 @@ ossl_ts_req_initialize(int argc, VALUE *argv, VALUE self) in = ossl_obj2bio(&arg); ts_req = d2i_TS_REQ_bio(in, &ts_req); BIO_free(in); - if (!ts_req) + if (!ts_req) { + DATA_PTR(self) = NULL; ossl_raise(eTimestampError, "Error when decoding the timestamp request"); + } DATA_PTR(self) = ts_req; return self; @@ -529,8 +531,10 @@ ossl_ts_resp_initialize(VALUE self, VALUE der) in = ossl_obj2bio(&der); ts_resp = d2i_TS_RESP_bio(in, &ts_resp); BIO_free(in); - if (!ts_resp) + if (!ts_resp) { + DATA_PTR(self) = NULL; ossl_raise(eTimestampError, "Error when decoding the timestamp response"); + } DATA_PTR(self) = ts_resp; return self; @@ -871,8 +875,10 @@ ossl_ts_token_info_initialize(VALUE self, VALUE der) in = ossl_obj2bio(&der); info = d2i_TS_TST_INFO_bio(in, &info); BIO_free(in); - if (!info) + if (!info) { + DATA_PTR(self) = NULL; ossl_raise(eTimestampError, "Error when decoding the timestamp token info"); + } DATA_PTR(self) = info; return self; diff --git a/test/openssl/test_ts.rb b/test/openssl/test_ts.rb index 6e9c3089..da5f9006 100644 --- a/test/openssl/test_ts.rb +++ b/test/openssl/test_ts.rb @@ -181,6 +181,12 @@ _end_of_pem_ assert_equal(42, qer2.nonce) end + def test_request_invalid_asn1 + assert_raise(OpenSSL::Timestamp::TimestampError) do + OpenSSL::Timestamp::Request.new("*" * 44) + end + end + def test_response_constants assert_equal(0, OpenSSL::Timestamp::Response::GRANTED) assert_equal(1, OpenSSL::Timestamp::Response::GRANTED_WITH_MODS) @@ -333,6 +339,12 @@ _end_of_pem_ end end + def test_response_invalid_asn1 + assert_raise(OpenSSL::Timestamp::TimestampError) do + OpenSSL::Timestamp::Response.new("*" * 44) + end + end + def test_no_cert_requested req = OpenSSL::Timestamp::Request.new req.algorithm = "SHA1" @@ -585,6 +597,12 @@ _end_of_pem_ assert_equal(123, info.nonce) end + def test_token_info_invalid_asn1 + assert_raise(OpenSSL::Timestamp::TimestampError) do + OpenSSL::Timestamp::TokenInfo.new("*" * 44) + end + end + private def assert_cert expected, actual |