From: Matt Venables <mattvenables@...>
Date: 2012-03-13T01:44:37+09:00
Subject: [ruby-core:43250] [ruby-trunk - Bug #6134][Open] Ruby crashes when calling OpenSSL::PKCS7.new with invalid PKCS7 data


Issue #6134 has been reported by Matt Venables.

----------------------------------------
Bug #6134: Ruby crashes when calling OpenSSL::PKCS7.new with invalid PKCS7 data
https://bugs.ruby-lang.org/issues/6134

Author: Matt Venables
Status: Open
Priority: Normal
Assignee: 
Category: 
Target version: 
ruby -v: ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-darwin11.3.0]


Reproducing steps: 
Run the following script in 1.9.3-p125 (it is attached to the issue as well)

require 'openssl'
contents = File.read(__FILE__)
begin
  OpenSSL::PKCS7.new(contents)
  puts "OK"
rescue => e
  puts "Error!"
  puts e
end


Expected Result:
Ruby should not crash,  the exception should be caught, and the script should output: 
"Error!" followed by the exception ("Could not parse the PKCS7: ...")

Actual Result:
The script outputs "Error!" followed by the exception, and ruby segfaults. (Crash report attached).
The script occasionally operates as expected, but running it 3 or 4 times will always yield the segmentation fault.

This only happens in 1.9.3 (1.9.2 is working fine).

Tested on:
1.9.3-p0 (ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-darwin11.3.0])
1.9.3-p125 (ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-darwin11.3.0])
1.9.3-head (ruby 1.9.3p163 (2012-03-06 revision 34932) [x86_64-darwin11.3.0])


-- 
http://bugs.ruby-lang.org/