[ruby-cvs:62338] rhe:r55175 (trunk): openssl: avoid NULL dereference in {DH, DSA, RSA}_size()

rhe at ruby-lang.org rhe at ruby-lang.org
Thu May 26 14:24:58 JST 2016


rhe	2016-05-26 14:24:58 +0900 (Thu, 26 May 2016)

  New Revision: 55175

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55175

  Log:
    openssl: avoid NULL dereference in {DH,DSA,RSA}_size()
    
    * ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
      has 'p' (the prime) before calling DH_size(). We can create a DH with
      no parameter but DH_size() does not check and dereferences NULL.
      [ruby-core:75720] [Bug #12428]
    
    * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
      not check dsa->q.
    
    * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
      ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
      ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/ossl_pkey_dh.c
    trunk/ext/openssl/ossl_pkey_dsa.c
    trunk/ext/openssl/ossl_pkey_rsa.c


More information about the ruby-cvs mailing list