From d65d34e6895da12e4cd02ad179983059b83f6b48 Mon Sep 17 00:00:00 2001 From: rhe Date: Thu, 26 May 2016 05:24:58 +0000 Subject: openssl: avoid NULL dereference in {DH,DSA,RSA}_size() * ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH has 'p' (the prime) before calling DH_size(). We can create a DH with no parameter but DH_size() does not check and dereferences NULL. [ruby-core:75720] [Bug #12428] * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does not check dsa->q. * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt, ossl_rsa_public_decrypt, ossl_rsa_private_encrypt, ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55175 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/openssl/ossl_pkey_dsa.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'ext/openssl/ossl_pkey_dsa.c') diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index 29033809..704fad6d 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -488,10 +488,11 @@ ossl_dsa_sign(VALUE self, VALUE data) VALUE str; GetPKeyDSA(self, pkey); - StringValue(data); - if (!DSA_PRIVATE(self, pkey->pkey.dsa)) { + if (!pkey->pkey.dsa->q) + ossl_raise(eDSAError, "incomplete DSA"); + if (!DSA_PRIVATE(self, pkey->pkey.dsa)) ossl_raise(eDSAError, "Private DSA key needed!"); - } + StringValue(data); str = rb_str_new(0, ossl_dsa_buf_size(pkey)); if (!DSA_sign(0, (unsigned char *)RSTRING_PTR(data), RSTRING_LENINT(data), (unsigned char *)RSTRING_PTR(str), -- cgit v1.2.3