From 544daf1f7abc19fd1577b1aafd7abebef4ee19d7 Mon Sep 17 00:00:00 2001 From: nahi Date: Thu, 23 Jun 2011 10:36:09 +0000 Subject: * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_time): Check argument type with NUM2LONG if the arg is not a Time object. See #4919. * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_timeout): Check type with NUM2LONG. Time as an arg is not allowed. See #4919. * test/openssl/test_ssl_session.rb (test_session_time, test_session_timeout): Test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32211 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 12 ++++++++ ext/openssl/ossl_ssl_session.c | 64 +++++++++++++++++++++++++--------------- test/openssl/test_ssl_session.rb | 52 ++++++++++++++++++++++++++++++++ 3 files changed, 104 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index d42f28c0bc..97ba243664 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,15 @@ +Thu Jun 23 19:30:53 2011 Hiroshi Nakamura + + * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_time): Check + argument type with NUM2LONG if the arg is not a Time object. + See #4919. + + * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_timeout): Check + type with NUM2LONG. Time as an arg is not allowed. See #4919. + + * test/openssl/test_ssl_session.rb (test_session_time, + test_session_timeout): Test it. + Wed Jun 23 13:30:30 2011 Shota Fukumori * signal.c(ruby_atomic_exchange): Fix definition style. diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c index 80abed7e67..a7437caf37 100644 --- a/ext/openssl/ossl_ssl_session.c +++ b/ext/openssl/ossl_ssl_session.c @@ -104,6 +104,8 @@ static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2) * call-seq: * session.time -> Time * + * Gets start time of the session. + * */ static VALUE ossl_ssl_session_get_time(VALUE self) { @@ -124,7 +126,7 @@ static VALUE ossl_ssl_session_get_time(VALUE self) * call-seq: * session.timeout -> integer * - * How long until the session expires in seconds. + * Gets how long until the session expires in seconds. * */ static VALUE ossl_ssl_session_get_timeout(VALUE self) @@ -139,31 +141,45 @@ static VALUE ossl_ssl_session_get_timeout(VALUE self) return TIMET2NUM(t); } -#define SSLSESSION_SET_TIME(func) \ - static VALUE ossl_ssl_session_set_##func(VALUE self, VALUE time_v) \ - { \ - SSL_SESSION *ctx; \ - unsigned long t; \ - \ - GetSSLSession(self, ctx); \ - \ - if (rb_obj_is_instance_of(time_v, rb_cTime)) { \ - time_v = rb_funcall(time_v, rb_intern("to_i"), 0); \ - } else if (FIXNUM_P(time_v) || TYPE(time_v) == T_BIGNUM) { \ - ; \ - } else { \ - ossl_raise(rb_eArgError, "unknown type"); \ - } \ - \ - t = NUM2ULONG(time_v); \ - \ - SSL_SESSION_set_##func(ctx, t); \ - \ - return ossl_ssl_session_get_##func(self); \ +/* + * call-seq: + * session.time=(Time) -> Time + * session.time=(integer) -> Time + * + * Sets start time of the session. Time resolution is in seconds. + * +*/ +static VALUE ossl_ssl_session_set_time(VALUE self, VALUE time_v) +{ + SSL_SESSION *ctx; + long t; + + GetSSLSession(self, ctx); + if (rb_obj_is_instance_of(time_v, rb_cTime)) { + time_v = rb_funcall(time_v, rb_intern("to_i"), 0); } + t = NUM2LONG(time_v); + SSL_SESSION_set_time(ctx, t); + return ossl_ssl_session_get_time(self); +} -SSLSESSION_SET_TIME(time) -SSLSESSION_SET_TIME(timeout) +/* + * call-seq: + * session.timeout=(integer) -> integer + * + * Sets how long until the session expires in seconds. + * +*/ +static VALUE ossl_ssl_session_set_timeout(VALUE self, VALUE time_v) +{ + SSL_SESSION *ctx; + long t; + + GetSSLSession(self, ctx); + t = NUM2LONG(time_v); + SSL_SESSION_set_timeout(ctx, t); + return ossl_ssl_session_get_timeout(self); +} #ifdef HAVE_SSL_SESSION_GET_ID /* diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb index 05e9f61b7c..43b636f8fa 100644 --- a/test/openssl/test_ssl_session.rb +++ b/test/openssl/test_ssl_session.rb @@ -33,6 +33,58 @@ class OpenSSL::TestSSLSession < OpenSSL::SSLTestCase end end + DUMMY_SESSION = <<__EOS__ +-----BEGIN SSL SESSION PARAMETERS----- +MIIDzQIBAQICAwEEAgA5BCAF219w9ZEV8dNA60cpEGOI34hJtIFbf3bkfzSgMyad +MQQwyGLbkCxE4OiMLdKKem+pyh8V7ifoP7tCxhdmwoDlJxI1v6nVCjai+FGYuncy +NNSWoQYCBE4DDWuiAwIBCqOCAo4wggKKMIIBcqADAgECAgECMA0GCSqGSIb3DQEB +BQUAMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5 +LWxhbmcxCzAJBgNVBAMMAkNBMB4XDTExMDYyMzA5NTQ1MVoXDTExMDYyMzEwMjQ1 +MVowRDETMBEGCgmSJomT8ixkARkWA29yZzEZMBcGCgmSJomT8ixkARkWCXJ1Ynkt +bGFuZzESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7CxaKPERYHs +k4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/Q3geLv8Z +D9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQABoxIwEDAO +BgNVHQ8BAf8EBAMCBaAwDQYJKoZIhvcNAQEFBQADggEBACj5WhoZ/ODVeHpwgq1d +8fW/13ICRYHYpv6dzlWihyqclGxbKMlMnaVCPz+4JaVtMz3QB748KJQgL3Llg3R1 +ek+f+n1MBCMfFFsQXJ2gtLB84zD6UCz8aaCWN5/czJCd7xMz7fRLy3TOIW5boXAU +zIa8EODk+477K1uznHm286ab0Clv+9d304hwmBZgkzLg6+31Of6d6s0E0rwLGiS2 +sOWYg34Y3r4j8BS9Ak4jzpoLY6cJ0QAKCOJCgmjGr4XHpyXMLbicp3ga1uSbwtVO +gF/gTfpLhJC+y0EQ5x3Ftl88Cq7ZJuLBDMo/TLIfReJMQu/HlrTT7+LwtneSWGmr +KkSkAgQApQMCAROqgcMEgcAuDkAVfj6QAJMz9yqTzW5wPFyty7CxUEcwKjUqj5UP +/Yvky1EkRuM/eQfN7ucY+MUvMqv+R8ZSkHPsnjkBN5ChvZXjrUSZKFVjR4eFVz2V +jismLEJvIFhQh6pqTroRrOjMfTaM5Lwoytr2FTGobN9rnjIRsXeFQW1HLFbXn7Dh +8uaQkMwIVVSGRB8T7t6z6WIdWruOjCZ6G5ASI5XoqAHwGezhLodZuvJEfsVyCF9y +j+RBGfCFrrQbBdnkFI/ztgM= +-----END SSL SESSION PARAMETERS----- +__EOS__ + + def test_session_time + sess = OpenSSL::SSL::Session.new(DUMMY_SESSION) + sess.time = (now = Time.now) + assert_equal(now.to_i, sess.time.to_i) + sess.time = 1 + assert_equal(1, sess.time.to_i) + sess.time = 1.2345 + assert_equal(1, sess.time.to_i) + # Can OpenSSL handle t>2038y correctly? Version? + sess.time = 2**31 + assert_equal(2**31, sess.time.to_i) + end + + def test_session_timeout + sess = OpenSSL::SSL::Session.new(DUMMY_SESSION) + assert_raise(TypeError) do + sess.timeout = (now = Time.now) + end + sess.timeout = 1 + assert_equal(1, sess.timeout.to_i) + sess.timeout = 1.2345 + assert_equal(1, sess.timeout.to_i) + sess.timeout = 2**31 + assert_equal(2**31, sess.timeout.to_i) + end + def test_client_session last_session = nil start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true) do |server, port| -- cgit v1.2.3