diff options
author | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-05-18 07:59:09 +0000 |
---|---|---|
committer | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-05-18 07:59:09 +0000 |
commit | a4efe6c74a4a1ceebd79fbb42842ad87914e964e (patch) | |
tree | 46a4db4ffc5a62a501fdd6b6a8c699568d0f0195 | |
parent | 5c50c29416532df2f87c3e1383f4ba164b6870fd (diff) | |
download | ruby-a4efe6c74a4a1ceebd79fbb42842ad87914e964e.tar.gz |
openssl: fix OpenSSL error queue leak in OpenSSL::PKCS12.new
* ext/openssl/ossl_pkcs12.c (ossl_pkcs12_initialize): pop errors
leaked by PKCS12_parse(). This is a bug in OpenSSL, which exists
in the versions before the version 1.0.0t, 1.0.1p, 1.0.2d.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55057 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ext/openssl/ossl_pkcs12.c | 4 |
2 files changed, 10 insertions, 0 deletions
@@ -1,3 +1,9 @@ +Wed May 18 16:52:03 2016 Kazuki Yamaguchi <k@rhe.jp> + + * ext/openssl/ossl_pkcs12.c (ossl_pkcs12_initialize): pop errors + leaked by PKCS12_parse(). This is a bug in OpenSSL, which exists + in the versions before the version 1.0.0t, 1.0.1p, 1.0.2d. + Wed May 18 16:04:54 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> * tool/downloader.rb (Downloader::RubyGems.download): verify gems diff --git a/ext/openssl/ossl_pkcs12.c b/ext/openssl/ossl_pkcs12.c index e5052d47ea..fe4dadc17b 100644 --- a/ext/openssl/ossl_pkcs12.c +++ b/ext/openssl/ossl_pkcs12.c @@ -165,8 +165,12 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self) BIO_free(in); pkey = cert = ca = Qnil; + /* OpenSSL's bug; PKCS12_parse() puts errors even if it succeeds. + * Fixed in OpenSSL 1.0.0t, 1.0.1p, 1.0.2d */ + ERR_set_mark(); if(!PKCS12_parse(pkcs, passphrase, &key, &x509, &x509s)) ossl_raise(ePKCS12Error, "PKCS12_parse"); + ERR_pop_to_mark(); pkey = rb_protect((VALUE(*)_((VALUE)))ossl_pkey_new, (VALUE)key, &st); /* NO DUP */ if(st) goto err; |