[ruby-core:76220] [Ruby trunk Bug#8690][Third Party's Issue] Enciphering a key with AES-128-CBC-HMAC-SHA1 crashes in OpenSSL
From: k@...
Date: 2016-07-02 02:05:28 UTC
List: ruby-core #76220
Issue #8690 has been updated by Kazuki Yamaguchi.
Status changed from Assigned to Third Party's Issue
Backport deleted (1.9.3: UNKNOWN, 2.0.0: UNKNOWN)
I believe this is a bug in OpenSSL that is fixed in OpenSSL 1.0.2.
Since it happens in PEM_read_bio_RSAPrivateKey(), I think there is nothing we can do.
---
key.pem: generated with OpenSSL::PKey::RSA.new(32).export(OpenSSL::Cipher.new("AES-128-CBC-HMAC-SHA1"), "a"*16)
~~~
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC-HMAC-SHA1,DD14AA4A3742E7F40460B71157CF90EC
PNO4cOhGQis8wRe2+LYUxyN0H9KBEyG+UB83JW8QW6woQvkfNu3lnj+6Ky/uVKw6
-----END RSA PRIVATE KEY-----
~~~
and `openssl rsa` explodes:
~~~
bash$ openssl version
OpenSSL 1.0.1u-dev xx XXX xxxx
bash$ openssl rsa -in key.pem -passin pass:abc
Segmentation fault (core dumped)
~~~
----------------------------------------
Bug #8690: Enciphering a key with AES-128-CBC-HMAC-SHA1 crashes in OpenSSL
https://bugs.ruby-lang.org/issues/8690#change-59440
* Author: Eric Hodel
* Status: Third Party's Issue
* Priority: Normal
* Assignee: openssl
* ruby -v: ruby 2.0.0p247 (2013-06-27 revision 41674) [x86_64-darwin12.4.0]
* Backport:
----------------------------------------
=begin
While I realize this is probably wrong, I was trying to find a cipher that JRuby 1.7.4 supported and encountered this crash.
My OpenSSL version is:
$ ruby -ropenssl -e 'p OpenSSL::OPENSSL_VERSION'
"OpenSSL 1.0.1e 11 Feb 2013"
The crash:
$ ruby crash.rb
crash.rb:10: [BUG] Segmentation fault
ruby 2.0.0p247 (2013-06-27 revision 41674) [x86_64-darwin12.4.0]
-- Crash Report log information --------------------------------------------
See Crash Report log file under the one of following:
* ~/Library/Logs/CrashReporter
* /Library/Logs/CrashReporter
* ~/Library/Logs/DiagnosticReports
* /Library/Logs/DiagnosticReports
the more detail of.
-- Control frame information -----------------------------------------------
c:0004 p:---- s:0015 e:000014 CFUNC :initialize
c:0003 p:---- s:0013 e:000012 CFUNC :new
c:0002 p:0083 s:0008 E:002448 EVAL crash.rb:10 [FINISH]
c:0001 p:0000 s:0002 E:000868 TOP [FINISH]
crash.rb:10:in `<main>'
crash.rb:10:in `new'
crash.rb:10:in `initialize'
-- C level backtrace information -------------------------------------------
-- Other runtime information -----------------------------------------------
* Loaded script: crash.rb
* Loaded features:
[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html
Abort trap: 6
Attached are the script I used to reproduce the crash and the OS X crash report.
=end
---Files--------------------------------
crash.rb (240 Bytes)
ruby_2013-07-25-134113_kault.crash (9.16 KB)
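
The crash above is triggered by the cipher named in the `DEK-Info` header of the PEM file, so a loader can inspect that header before the data reaches `PEM_read_bio_RSAPrivateKey()`. The following is an added example, not code from the thread or from Ruby's openssl extension; the allowlist `ALLOWED_DEK_CIPHERS` and the method names `pem_dek_info` and `safe_to_load?` are assumptions made for this sketch.

```ruby
# Added example: pre-flight check of legacy PEM encryption headers.
# ALLOWED_DEK_CIPHERS and both method names are assumptions of this sketch.
ALLOWED_DEK_CIPHERS = %w[AES-128-CBC AES-192-CBC AES-256-CBC DES-EDE3-CBC].freeze

# The key.pem quoted in the message above.
KEY_FROM_THREAD = <<~PEM
  -----BEGIN RSA PRIVATE KEY-----
  Proc-Type: 4,ENCRYPTED
  DEK-Info: AES-128-CBC-HMAC-SHA1,DD14AA4A3742E7F40460B71157CF90EC
  PNO4cOhGQis8wRe2+LYUxyN0H9KBEyG+UB83JW8QW6woQvkfNu3lnj+6Ky/uVKw6
  -----END RSA PRIVATE KEY-----
PEM

# Constructed sample: only the headers matter here, the body is a dummy.
CONSTRUCTED_CBC_KEY = <<~PEM
  -----BEGIN RSA PRIVATE KEY-----
  Proc-Type: 4,ENCRYPTED
  DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  -----END RSA PRIVATE KEY-----
PEM

# Returns nil for an unencrypted PEM block, else { cipher:, iv_hex: }.
def pem_dek_info(pem)
  lines = pem.lines.map(&:strip)
  start = lines.index { |l| l.start_with?("-----BEGIN ") }
  raise ArgumentError, "no PEM block found" unless start
  headers = {}
  lines.drop(start + 1).each do |l|
    break if l.empty? || l.start_with?("-----END ")
    name, value = l.split(":", 2)
    break unless value # base64 never contains ':', so headers are over
    headers[name.strip] = value.strip
  end
  return nil unless headers["Proc-Type"].to_s.include?("ENCRYPTED")
  dek = headers["DEK-Info"] or raise ArgumentError, "ENCRYPTED without DEK-Info"
  cipher, iv_hex = dek.split(",", 2)
  { cipher: cipher.to_s.strip.upcase, iv_hex: iv_hex.to_s.strip }
end

# True when the block is unencrypted or uses an allowlisted cipher.
def safe_to_load?(pem)
  info = pem_dek_info(pem)
  info.nil? || ALLOWED_DEK_CIPHERS.include?(info[:cipher])
end

puts "thread key loadable: #{safe_to_load?(KEY_FROM_THREAD)}" if __FILE__ == $PROGRAM_NAME
```

A caller would run `safe_to_load?` on untrusted PEM input and only then hand it to `OpenSSL::PKey::RSA.new`.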