diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-12-12 20:40:36 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-07-23 13:32:35 +0900 |
commit | f61af664ecf4fd74ef0adc1138bc09455e89199f (patch) | |
tree | ebfdf069e93dd582d12d4951e26845a755822177 /ext/openssl | |
parent | e61502fb82084937160f4ffa0bda89f4c6788d6d (diff) | |
download | ruby-openssl-f61af664ecf4fd74ef0adc1138bc09455e89199f.tar.gz |
asn1: disallow NULL to be passed to asn1time_to_time()
Let the callers check the validity of the ASN1_TIME.
Diffstat (limited to 'ext/openssl')
-rw-r--r-- | ext/openssl/ossl_asn1.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_ocsp.c | 8 | ||||
-rw-r--r-- | ext/openssl/ossl_x509crl.c | 12 | ||||
-rw-r--r-- | ext/openssl/ossl_x509revoked.c | 6 |
4 files changed, 22 insertions, 5 deletions
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index 59ef226a..00d598ef 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -24,7 +24,6 @@ asn1time_to_time(const ASN1_TIME *time) VALUE argv[6]; int count; - if (!time || !time->data) return Qnil; memset(&tm, 0, sizeof(struct tm)); switch (time->type) { diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index e34eee0c..5ddb029d 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -1309,8 +1309,10 @@ ossl_ocspsres_get_this_update(VALUE self) status = OCSP_single_get0_status(sres, NULL, NULL, &time, NULL); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); + if (!time) + return Qnil; - return asn1time_to_time(time); /* will handle NULL */ + return asn1time_to_time(time); } /* @@ -1328,6 +1330,8 @@ ossl_ocspsres_get_next_update(VALUE self) status = OCSP_single_get0_status(sres, NULL, NULL, NULL, &time); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); + if (!time) + return Qnil; return asn1time_to_time(time); } @@ -1349,6 +1353,8 @@ ossl_ocspsres_get_revocation_time(VALUE self) ossl_raise(eOCSPError, "OCSP_single_get0_status"); if (status != V_OCSP_CERTSTATUS_REVOKED) ossl_raise(eOCSPError, "certificate is not revoked"); + if (!time) + return Qnil; return asn1time_to_time(time); } diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c index 3f1b76c0..d6b588fc 100644 --- a/ext/openssl/ossl_x509crl.c +++ b/ext/openssl/ossl_x509crl.c @@ -208,10 +208,14 @@ static VALUE ossl_x509crl_get_last_update(VALUE self) { X509_CRL *crl; + const ASN1_TIME *time; GetX509CRL(self, crl); + time = X509_CRL_get0_lastUpdate(crl); + if (!time) + return Qnil; - return asn1time_to_time(X509_CRL_get0_lastUpdate(crl)); + return asn1time_to_time(time); } static VALUE @@ -235,10 +239,14 @@ static VALUE ossl_x509crl_get_next_update(VALUE self) { X509_CRL *crl; + const ASN1_TIME *time; GetX509CRL(self, crl); + time = X509_CRL_get0_nextUpdate(crl); + if (!time) + return Qnil; - return asn1time_to_time(X509_CRL_get0_nextUpdate(crl)); + return asn1time_to_time(time); } static VALUE diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c index 303a3e70..85489efd 100644 --- a/ext/openssl/ossl_x509revoked.c +++ b/ext/openssl/ossl_x509revoked.c @@ -155,10 +155,14 @@ static VALUE ossl_x509revoked_get_time(VALUE self) { X509_REVOKED *rev; + const ASN1_TIME *time; GetX509Rev(self, rev); + time = X509_REVOKED_get0_revocationDate(rev); + if (!time) + return Qnil; - return asn1time_to_time(X509_REVOKED_get0_revocationDate(rev)); + return asn1time_to_time(time); } static VALUE |