[#55794] how to run ruby tests (backporting fix for cve-2013-4073) — Jordi Massaguer Pla <jmassaguerpla@...>
Hi ruby core developers,
4 messages
2013/07/04
[#55799] Re: how to run ruby tests (backporting fix for cve-2013-4073)
— V咜 Ondruch <v.ondruch@...>
2013/07/04
Dne 4.7.2013 13:19, Jordi Massaguer Pla napsal(a):
[#55853] ruby 1.9.3 p448 breaks ABI — V咜 Ondruch <v.ondruch@...>
Hi,
13 messages
2013/07/08
[#55854] Re: ruby 1.9.3 p448 breaks ABI
— Yorick Peterse <yorickpeterse@...>
2013/07/08
Out of curiosity, does this tool take into account deprecated/internal
[#55860] Re: ruby 1.9.3 p448 breaks ABI
— V咜 Ondruch <v.ondruch@...>
2013/07/08
Dne 8.7.2013 17:03, Yorick Peterse napsal(a):
[#55861] Re: ruby 1.9.3 p448 breaks ABI
— KOSAKI Motohiro <kosaki.motohiro@...>
2013/07/08
(7/8/13 5:36 PM), V咜 Ondruch wrote:
[#55864] Re: ruby 1.9.3 p448 breaks ABI
— Jon <jon.forums@...>
2013/07/08
On Tue, 9 Jul 2013 06:50:16 +0900
[#55886] [ruby-trunk - Bug #8616][Open] Process.daemon messes up threads — "tenderlovemaking (Aaron Patterson)" <aaron@...>
10 messages
2013/07/09
[#55976] [ruby-trunk - Feature #8629][Open] Method#parameters should include the default value — "rosenfeld (Rodrigo Rosenfeld Rosas)" <rr.rosas@...>
13 messages
2013/07/12
[#56258] [ruby-trunk - Feature #8629] Method#parameters should include the default value
— "rosenfeld (Rodrigo Rosenfeld Rosas)" <rr.rosas@...>
2013/07/29
[#55984] [ruby-trunk - Bug #8630][Open] Transcoding high-bit bytes from ASCII-8BIT to a text encoding should be :invalid, not :undef — "headius (Charles Nutter)" <headius@...>
5 messages
2013/07/12
[#55986] Re: [ruby-trunk - Bug #8630][Open] Transcoding high-bit bytes from ASCII-8BIT to a text encoding should be :invalid, not :undef
— Tanaka Akira <akr@...>
2013/07/12
2013/7/13 headius (Charles Nutter) <headius@headius.com>:
[#55988] Next developer's meeting — Aaron Patterson <tenderlove@...>
Hi,
4 messages
2013/07/13
[#56001] [CommonRuby - Feature #8635][Open] attr_accessor with default block — "judofyr (Magnus Holm)" <judofyr@...>
5 messages
2013/07/14
[#56004] [ruby-trunk - Feature #8636][Open] Documentation hosting on ruby-lang.org — "zzak (Zachary Scott)" <e@...>
18 messages
2013/07/15
[#56005] [ruby-trunk - Feature #8637][Open] I18n documentation — "zzak (Zachary Scott)" <e@...>
5 messages
2013/07/15
[#56010] [ruby-trunk - Feature #8637] I18n documentation
— "zzak (Zachary Scott)" <e@...>
2013/07/15
[#56011] [ruby-trunk - Feature #8637] I18n documentation
— "kou (Kouhei Sutou)" <kou@...>
2013/07/15
[#56019] [ruby-trunk - Feature #8639][Open] Add Queue#each — "avdi (Avdi Grimm)" <avdi@...>
15 messages
2013/07/15
[#56020] [ruby-trunk - Feature #8639] Add Queue#each
— "rkh (Konstantin Haase)" <me@...>
2013/07/15
[#56029] Re: [ruby-trunk - Feature #8639][Open] Add Queue#each
— Alex Young <alex@...>
2013/07/15
On Tue, 2013-07-16 at 00:44 +0900, avdi (Avdi Grimm) wrote:
[#56027] [CommonRuby - Feature #8640][Open] Add Time#elapsed to return nanoseconds since creation — "tenderlovemaking (Aaron Patterson)" <aaron@...>
24 messages
2013/07/15
[#56068] [CommonRuby - Feature #8640] Add Time#elapsed to return nanoseconds since creation
— "phluid61 (Matthew Kerwin)" <matthew@...>
2013/07/17
[#56070] Re: [CommonRuby - Feature #8640] Add Time#elapsed to return nanoseconds since creation
— Aaron Patterson <tenderlove@...>
2013/07/18
On Thu, Jul 18, 2013 at 07:59:34AM +0900, phluid61 (Matthew Kerwin) wrote:
[#56037] [CommonRuby - Feature #8640] Add Time#elapsed to return nanoseconds since creation
— duerst (Martin Dürst) <duerst@...>
2013/07/16
[#56041] [CommonRuby - Feature #8643][Open] Add Binding.from_hash — "rosenfeld (Rodrigo Rosenfeld Rosas)" <rr.rosas@...>
26 messages
2013/07/16
[#56087] [ruby-trunk - Feature #8658][Open] Process.clock_gettime — "akr (Akira Tanaka)" <akr@...>
23 messages
2013/07/19
[#56092] [ruby-trunk - Feature #8658] Process.clock_gettime
— "akr (Akira Tanaka)" <akr@...>
2013/07/20
[#56132] Re: [ruby-trunk - Feature #8658] Process.clock_gettime
— KOSAKI Motohiro <kosaki.motohiro@...>
2013/07/23
(7/20/13 6:39 AM), akr (Akira Tanaka) wrote:
[#56135] Re: [ruby-trunk - Feature #8658] Process.clock_gettime
— Tanaka Akira <akr@...>
2013/07/24
2013/7/24 KOSAKI Motohiro <kosaki.motohiro@gmail.com>:
[#56096] [CommonRuby - Feature #8661][Open] Add option to print backstrace in reverse order(stack frames first & error last) — "gary4gar (Gaurish Sharma)" <gary4gar@...>
18 messages
2013/07/20
[#56103] Ruby Developer Meeting Japan 2013-07-27 — "NARUSE, Yui" <naruse@...>
Hi,
6 messages
2013/07/21
[#56228] [ruby-trunk - Bug #8697][Open] Fixnum complement operator issue — "torimus (Torimus GL)" <torimus.gl@...>
8 messages
2013/07/27
[#56247] [ruby-trunk - Feature #8700][Open] Integer#bitsize (actually Fixnum#bitsize and Bignum#bitsize) — "akr (Akira Tanaka)" <akr@...>
8 messages
2013/07/28
[#56270] [ruby-trunk - Feature #8707][Open] Hash#reverse_each — "Glass_saga (Masaki Matsushita)" <glass.saga@...>
8 messages
2013/07/30
[#56276] [ruby-trunk - Feature #8707][Feedback] Hash#reverse_each
— "matz (Yukihiro Matsumoto)" <matz@...>
2013/07/31
[ruby-core:55794] how to run ruby tests (backporting fix for cve-2013-4073)
From:
Jordi Massaguer Pla <jmassaguerpla@...>
Date:
2013-07-04 11:19:49 UTC
List:
ruby-core #55794
Hi ruby core developers, I am trying to backport fix for cve-2013-4073 (hostname check bypassing vulnerability in SSL client) to ruby-1.8.6. By reading the code, I've been able to write a patch (see attachment) but I don't known how to run the test suite, so that I can think of adding a new test and check there is no regressions. So far I tried: ruby test/runner.rb but I get the error message: test/runner.rb:4: private method `scan' called for nil:NilClass (NoMethodError) I think the trouble is in the 3rd line: rcsid = %w$Id$ $Id$ resolts to nil. Thus, what am I missing? ruby version? thanks
Attachments (1)
fix-cve-2013-4073.ruby.1.8.6.patch
(1.43 KB, text/x-diff)
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index 9e9a944..b3d8e37 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -69,14 +69,22 @@ module OpenSSL
cert = peer_cert
cert.extensions.each{|ext|
next if ext.oid != "subjectAltName"
- ext.value.split(/,\s+/).each{|general_name|
- if /\ADNS:(.*)/ =~ general_name
+ id, ostr = OpenSSL::ASN1.decode(ext.to_der).value
+ sequence = OpenSSL::ASN1.decode(ostr.value)
+ sequence.value.each{|san|
+ case san.tag
+ when 2 # dNSName in GeneralName (RFC5280)
check_common_name = false
- reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
+ reg = Regexp.escape(san.value).gsub(/\\\*/, "[^.]+")
return true if /\A#{reg}\z/i =~ hostname
- elsif /\AIP Address:(.*)/ =~ general_name
+ when 7 # iPAddress in GeneralName (RFC5280)
check_common_name = false
- return true if $1 == hostname
+ # follows GENERAL_NAME_print() in x509v3/v3_alt.c
+ if san.value.size == 4
+ return true if san.value.unpack('C*').join('.') == hostname
+ elsif san.value.size == 16
+ return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
+ end
end
}
}