diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-12 23:30:09 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-14 20:00:56 +0900 |
| commit | 9fc7a2a1206d5bfe85dff9e01f8a102fb38d2153 (patch) | |
| tree | f201d7e01bb935d09f43142d727b33611ab475b7 | |
| parent | f2e3ad91380f799e1650c38b5bd6c24b7ed6fc5b (diff) | |
| download | ruby-9fc7a2a1206d5bfe85dff9e01f8a102fb38d2153.tar.gz | |
ext/openssl: check argument type in OpenSSL::X509::Attribute#value=
The following code causes SEGV:
OpenSSL::X509::Attribute.new("challengePassword", nil)
* ext/openssl/ossl_x509attr.c (ossl_x509attr_set_value): check that the
argument is an instance of OpenSSL::ASN1::Data, before
ossl_asn1_get_asn1type().
* test/openssl/test_x509attr.rb: add tests
| -rw-r--r-- | ext/openssl/ossl_x509attr.c | 1 | ||||
| -rw-r--r-- | test/openssl/test_x509attr.rb | 47 |
2 files changed, 48 insertions, 0 deletions
diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c index d0f41c6bb8..be5f2dcf88 100644 --- a/ext/openssl/ossl_x509attr.c +++ b/ext/openssl/ossl_x509attr.c @@ -196,6 +196,7 @@ ossl_x509attr_set_value(VALUE self, VALUE value) X509_ATTRIBUTE *attr; ASN1_TYPE *a1type; + OSSL_Check_Kind(value, cASN1Data); if(!(a1type = ossl_asn1_get_asn1type(value))) ossl_raise(eASN1Error, "could not get ASN1_TYPE"); if(ASN1_TYPE_get(a1type) == V_ASN1_SEQUENCE){ diff --git a/test/openssl/test_x509attr.rb b/test/openssl/test_x509attr.rb new file mode 100644 index 0000000000..c0885030f5 --- /dev/null +++ b/test/openssl/test_x509attr.rb @@ -0,0 +1,47 @@ +# frozen_string_literal: false +require_relative "utils" + +if defined?(OpenSSL::TestUtils) + +class OpenSSL::TestX509Attribute < Test::Unit::TestCase + def test_new + ef = OpenSSL::X509::ExtensionFactory.new + val = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([ + ef.create_extension("keyUsage", "keyCertSign", true) + ])]) + attr = OpenSSL::X509::Attribute.new("extReq", val) + assert_equal("extReq", attr.oid) + assert_equal(val.to_der, attr.value.to_der) + end + + def test_from_der + # oid: challengePassword, values: Set[UTF8String<"abc123">] + test_der = "\x30\x15\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x07\x31\x08" \ + "\x0c\x06\x61\x62\x63\x31\x32\x33".b + attr = OpenSSL::X509::Attribute.new(test_der) + assert_equal(test_der, attr.to_der) + assert_equal("challengePassword", attr.oid) + assert_equal("abc123", attr.value.value[0].value) + end + + def test_to_der + ef = OpenSSL::X509::ExtensionFactory.new + val = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([ + ef.create_extension("keyUsage", "keyCertSign", true) + ])]) + attr = OpenSSL::X509::Attribute.new("extReq", val) + expected = OpenSSL::ASN1::Sequence.new([ + OpenSSL::ASN1::ObjectId.new("extReq"), + val + ]) + assert_equal(expected.to_der, attr.to_der) + end + + def test_invalid_value + assert_raise(TypeError) { + OpenSSL::X509::Attribute.new("challengePassword", "1234") + } + end +end + +end |