author | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-10-22 16:54:01 +0000 |
---|---|---|
committer | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-10-22 16:54:01 +0000 |
commit | 592d390fa00361a94768ea365a191306be5d9d7e (patch) | |
tree | 6502191cec9cf752cac9120af77fd0de53ab4a9f | |
parent | 2fc74b63131316cd90994fd8b74e4ac2b918e78f (diff) | |
* ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error
in ext/openssl instead of OpenSSL itself because LibreSSL
silently truncates the selected protocol name by casting the length
from int to unsigned char. [Bug #11369]
Patch by Jeremy Evans <merch-redmine@jeremyevans.net>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52227 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | ext/openssl/ossl_ssl.c | 7 |
2 files changed, 13 insertions, 2 deletions
@@ -1,3 +1,11 @@
+Fri Oct 23 00:32:02 2015 NARUSE, Yui <naruse@ruby-lang.org>
+
+	* ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error
+	in ext/openssl instead of OpenSSL itself because LibreSSL
+	silently truncate the selected protocol name by casting the length
+	from int to unsigned char. [Bug #11369]
+	Patch by Jeremy Evans <merch-redmine@jeremyevans.net>
+
 Fri Oct 23 00:49:45 2015 Shugo Maeda <shugo@ruby-lang.org>
 
 	* lib/un.rb (help): change the name of a block parameter to avoid
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 3e6e164682..ae9f3ca8d7 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -599,9 +599,12 @@ ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsi
 
     selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
     StringValue(selected);
+    i = RSTRING_LENINT(selected);
+    if (i < 1 || i >= 256) {
+	ossl_raise(eSSLError, "Selected protocol must have length 1..255");
+    }
     *out = (unsigned char *) StringValuePtr(selected);
-    *outlen = RSTRING_LENINT(selected);
-
+    *outlen = i;
     return SSL_TLSEXT_ERR_OK;
 }
 
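Review bot: The new range check on `i` should carry a comment saying why the bound is exactly 1..255 — `*outlen` is an `unsigned char`, so 256 or more cannot be represented, and per the commit message LibreSSL narrows the value silently instead of failing; e.g. `/* *outlen is an unsigned char: protocol names are 1..255 bytes; LibreSSL truncates longer values silently (Bug #11369) */`. Reusing `i`, which appears to be the loop index declared above the hunk, for the selected length is legal but a dedicated local such as `int len = RSTRING_LENINT(selected);` would read more clearly and keep the parsing loop's counter separate. Note that `ossl_raise` longjmps out of an OpenSSL callback; the `rb_funcall` on the user's block two lines earlier can already do the same, so this is not new, but the SSL object is left in whatever state OpenSSL had at the time of the callback. The body of ssl_npn_select_cb starts outside the hunk.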