Raise an exception if the IO object passed to SSLSocket isn't a file

SSLSocket#connect eventually calls `GetOpenFile` in order to get the underlying file descriptor for the IO object passed in on initialization. `GetOpenFile` assumes that the Ruby object passed in is a T_FILE object and just casts it to a T_FILE without any checks. If you pass an object that *isn't* a T_FILE to that function, the program will segv. Since we assume the IO object is a file in the `connect` method, this commit adds a `CheckType` in the initialize method to ensure that the IO object is actually a T_FILE. If the object *isn't* a T_FILE, this class will segv on `connect`, so I think this is a backwards compatible change.
author: Aaron Patterson <tenderlove@ruby-lang.org> 2021-10-22 10:14:00 -0700
committer: Aaron Patterson <tenderlove@ruby-lang.org> 2021-10-22 10:14:00 -0700
commit: 919fa44ec2c011f595f7a32a222220f41a131338 (patch)
tree: f9fc54af3cc318d643aa48ad4e46b15b8396b52f /ext/openssl/ossl_ssl.c
parent: 2b3b29b973af9ae2433aca6f9a0a7653a48434c2 (diff)
download: ruby-openssl-919fa44ec2c011f595f7a32a222220f41a131338.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index d6d321e4..1de0f989 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1527,6 +1527,7 @@ ossl_ssl_initialize(int argc, VALUE *argv, VALUE self)
 
     if (rb_respond_to(io, rb_intern("nonblock=")))
 	rb_funcall(io, rb_intern("nonblock="), 1, Qtrue);
+    Check_Type(io, T_FILE);
     rb_ivar_set(self, id_i_io, io);
 
     ssl = SSL_new(ctx);
author	Aaron Patterson <tenderlove@ruby-lang.org>	2021-10-22 10:14:00 -0700
committer	Aaron Patterson <tenderlove@ruby-lang.org>	2021-10-22 10:14:00 -0700
commit	919fa44ec2c011f595f7a32a222220f41a131338 (patch)
tree	f9fc54af3cc318d643aa48ad4e46b15b8396b52f /ext/openssl/ossl_ssl.c
parent	2b3b29b973af9ae2433aca6f9a0a7653a48434c2 (diff)
download	ruby-openssl-919fa44ec2c011f595f7a32a222220f41a131338.tar.gz