[#69084] [Ruby trunk - Feature #11124] [Open] [PATCH] lib/*: use monotonic clock for timeouts — normalperson@...
Issue #11124 has been reported by Eric Wong.
5 messages
2015/05/06
[#69138] [Ruby trunk - Feature #11136] [PATCH] webrick: avoid fcntl module — nobu@...
Issue #11136 has been updated by Nobuyoshi Nakada.
3 messages
2015/05/12
[#69160] [Ruby trunk - Feature #11146] [PATCH] variable.c: initialize generic_iv_tbl at start — nobu@...
Issue #11146 has been updated by Nobuyoshi Nakada.
4 messages
2015/05/13
[#69175] Re: [Ruby trunk - Feature #11146] [PATCH] variable.c: initialize generic_iv_tbl at start
— Eric Wong <normalperson@...>
2015/05/13
nobu@ruby-lang.org wrote:
[ruby-core:69226] [Patch] Wrong behaviour on GetBNPtr
From:
Danilo <vandor.danilo@...>
Date:
2015-05-18 18:06:14 UTC
List:
ruby-core #69226
Hello,
Investigating the issue with https://bugs.ruby-lang.org/issues/10268, I found that in several places throughout ossl code the return value for GetBNPtr() is blindly passed to libcrypto. The problem is GetBNPtr() considers nil to be a valid BN object, returning a null pointer instead of raising an exception and ossl code does not handle null pointers to BN. The patch I’m sending makes a nil object no longer be considered a valid BN object.
I am currently investigating some other OpenSSL related crashes in the issue tracker that seems to branch from this condition.
diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c
index c503708..191b100 100644
--- a/ext/openssl/ossl_bn.c
+++ b/ext/openssl/ossl_bn.c
@@ -96,6 +96,8 @@ GetBNPtr(VALUE obj)
}
WrapBN(cBN, obj, bn); /* Handle potencial mem leaks */
break;
+ case T_NIL:
+ break;
default:
ossl_raise(rb_eTypeError, "Cannot convert into OpenSSL::BN");
}
Danilo