From 13f33b22e129faf55cf3625b642f665f98db736e Mon Sep 17 00:00:00 2001 From: nobu Date: Sat, 15 Aug 2015 04:34:29 +0000 Subject: [PATCH] ossl_ssl.c: check SSL method name * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version): SSL method name must not contain NUL. preserve the encoding of message. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/openssl/ossl_ssl.c | 4 ++-- test/openssl/test_ssl.rb | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index eaa3dfa2e1..f7cb7f0465 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -180,7 +180,7 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method) SSL_CTX *ctx; if (RB_TYPE_P(ssl_method, T_SYMBOL)) m = rb_sym2str(ssl_method); - s = StringValuePtr(m); + s = StringValueCStr(m); for (i = 0; i < numberof(ossl_ssl_method_tab); i++) { if (strcmp(ossl_ssl_method_tab[i].name, s) == 0) { method = ossl_ssl_method_tab[i].func(); @@ -188,7 +188,7 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method) } } if (!method) { - ossl_raise(rb_eArgError, "unknown SSL method `%s'.", s); + ossl_raise(rb_eArgError, "unknown SSL method `%"PRIsVALUE"'.", m); } GetSSLCTX(self, ctx); if (SSL_CTX_set_ssl_version(ctx, method) != 1) { diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index c08842ac5e..55dc518aa6 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -10,6 +10,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal(ctx.setup, nil) end + def test_ctx_setup_invalid + m = OpenSSL::SSL::SSLContext::METHODS.first + assert_raise_with_message(ArgumentError, /null/) { + OpenSSL::SSL::SSLContext.new("#{m}\0") + } + assert_raise_with_message(ArgumentError, /\u{ff33 ff33 ff2c}/) { + OpenSSL::SSL::SSLContext.new("\u{ff33 ff33 ff2c}") + } + end + def test_options_defaults_to_OP_ALL ctx = OpenSSL::SSL::SSLContext.new assert_equal OpenSSL::SSL::OP_ALL, ctx.options