diff options
author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-06-25 12:40:50 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-06-25 12:40:50 +0000 |
commit | 6e7ecacc1169f634e028f523da3e660f9ee6a7b6 (patch) | |
tree | 83414b9d77560acfec383bf7f0e0dafb9e6f5e85 | |
parent | 6ef15ce55a095ac8fea78d579b86b41efc9dcbab (diff) |
merge revision(s) 41325: [Backport #8554]
* gc.c: Fixup around GC by MALLOC.
Add allocate size to malloc_increase before GC
for updating limit in after_gc_sweep.
Reset malloc_increase into garbage_collect()
for preventing GC again soon.
this backport patch is written by nari.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@41624 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | ext/openssl/lib/openssl/ssl-internal.rb | 18 | ||||
-rw-r--r-- | gc.c | 14 | ||||
-rw-r--r-- | test/openssl/test_ssl.rb | 22 | ||||
-rw-r--r-- | version.h | 6 |
5 files changed, 56 insertions, 13 deletions
@@ -1,3 +1,12 @@ +Tue Jun 25 21:38:48 2013 NAKAMURA Usaku <usa@ruby-lang.org> + + * gc.c: Fixup around GC by MALLOC. + Add allocate size to malloc_increase before GC + for updating limit in after_gc_sweep. + Reset malloc_increase into garbage_collect() + for preventing GC again soon. + this backport patch is written by nari. + Wed Jun 5 12:38:14 2013 Nobuyoshi Nakada <nobu@ruby-lang.org> * win32/win32.c (setup_overlapped, finish_overlapped): extract from diff --git a/ext/openssl/lib/openssl/ssl-internal.rb b/ext/openssl/lib/openssl/ssl-internal.rb index c70b5b8f6b..356d4e8bde 100644 --- a/ext/openssl/lib/openssl/ssl-internal.rb +++ b/ext/openssl/lib/openssl/ssl-internal.rb @@ -88,14 +88,22 @@ module OpenSSL should_verify_common_name = true cert.extensions.each{|ext| next if ext.oid != "subjectAltName" - ext.value.split(/,\s+/).each{|general_name| - if /\ADNS:(.*)/ =~ general_name + id, ostr = OpenSSL::ASN1.decode(ext.to_der).value + sequence = OpenSSL::ASN1.decode(ostr.value) + sequence.value.each{|san| + case san.tag + when 2 # dNSName in GeneralName (RFC5280) should_verify_common_name = false - reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") + reg = Regexp.escape(san.value).gsub(/\\\*/, "[^.]+") return true if /\A#{reg}\z/i =~ hostname - elsif /\AIP Address:(.*)/ =~ general_name + when 7 # iPAddress in GeneralName (RFC5280) should_verify_common_name = false - return true if $1 == hostname + # follows GENERAL_NAME_print() in x509v3/v3_alt.c + if san.value.size == 4 + return true if san.value.unpack('C*').join('.') == hostname + elsif san.value.size == 16 + return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname + end end } } @@ -236,7 +236,7 @@ getrusage_time(void) #define GC_PROF_SET_MALLOC_INFO do {\ if (objspace->profile.run) {\ gc_profile_record *record = &objspace->profile.record[objspace->profile.count];\ - record->allocate_increase = malloc_increase;\ + record->allocate_increase = malloc_increase + malloc_increase2;\ record->allocate_limit = malloc_limit; \ }\ } while(0) @@ -352,6 +352,7 @@ typedef struct rb_objspace { struct { size_t limit; size_t increase; + size_t increase2; #if CALC_EXACT_MALLOC_SIZE size_t allocated_size; size_t allocations; @@ -405,6 +406,7 @@ int *ruby_initial_gc_stress_ptr = &rb_objspace.gc_stress; #endif #define malloc_limit objspace->malloc_params.limit #define malloc_increase objspace->malloc_params.increase +#define malloc_increase2 objspace->malloc_params.increase2 #define heaps objspace->heap.ptr #define heaps_length objspace->heap.length #define heaps_used objspace->heap.used @@ -756,8 +758,9 @@ vm_malloc_prepare(rb_objspace_t *objspace, size_t size) size += sizeof(size_t); #endif + malloc_increase += size; if ((ruby_gc_stress && !ruby_disable_gc_stress) || - (malloc_increase+size) > malloc_limit) { + malloc_increase > malloc_limit) { garbage_collect_with_gvl(objspace); } @@ -767,8 +770,6 @@ vm_malloc_prepare(rb_objspace_t *objspace, size_t size) static inline void * vm_malloc_fixup(rb_objspace_t *objspace, void *mem, size_t size) { - malloc_increase += size; - #if CALC_EXACT_MALLOC_SIZE objspace->malloc_params.allocated_size += size; objspace->malloc_params.allocations++; @@ -2211,6 +2212,8 @@ before_gc_sweep(rb_objspace_t *objspace) objspace->heap.sweep_slots = heaps; objspace->heap.free_num = 0; + malloc_increase2 += ATOMIC_SIZE_EXCHANGE(malloc_increase,0); + /* sweep unlinked method entries */ if (GET_VM()->unlinked_method_entry_list) { rb_sweep_method_entry(GET_VM()); @@ -2227,11 +2230,12 @@ after_gc_sweep(rb_objspace_t *objspace) heaps_increment(objspace); } - if (malloc_increase > malloc_limit) { + if ((malloc_increase + malloc_increase2) > malloc_limit) { malloc_limit += (size_t)((malloc_increase - malloc_limit) * (double)objspace->heap.live_num / (heaps_used * HEAP_OBJ_LIMIT)); if (malloc_limit < initial_malloc_limit) malloc_limit = initial_malloc_limit; } malloc_increase = 0; + malloc_increase2 = 0; free_unused_heaps(objspace); } diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index cf0f1b7bba..58493bf185 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -351,6 +351,28 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase } end + def test_verify_certificate_identity + # creating NULL byte SAN certificate + ef = OpenSSL::X509::ExtensionFactory.new + cert = OpenSSL::X509::Certificate.new + cert.subject = OpenSSL::X509::Name.parse "/DC=some/DC=site/CN=Some Site" + ext = ef.create_ext('subjectAltName', 'DNS:placeholder,IP:192.168.7.1,IP:13::17') + ext_asn1 = OpenSSL::ASN1.decode(ext.to_der) + san_list_der = ext_asn1.value.reduce(nil) { |memo,val| val.tag == 4 ? val.value : memo } + san_list_asn1 = OpenSSL::ASN1.decode(san_list_der) + san_list_asn1.value[0].value = 'www.example.com\0.evil.com' + ext_asn1.value[1].value = san_list_asn1.to_der + real_ext = OpenSSL::X509::Extension.new ext_asn1 + cert.add_extension(real_ext) + + assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com')) + assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com\0.evil.com')) + assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.255')) + assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.1')) + assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17')) + assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '13:0:0:0:0:0:0:17')) + end + def test_tlsext_hostname return unless OpenSSL::SSL::SSLSocket.instance_methods.include?(:hostname) @@ -1,10 +1,10 @@ #define RUBY_VERSION "1.9.3" -#define RUBY_PATCHLEVEL 433 +#define RUBY_PATCHLEVEL 434 -#define RUBY_RELEASE_DATE "2013-06-05" +#define RUBY_RELEASE_DATE "2013-06-25" #define RUBY_RELEASE_YEAR 2013 #define RUBY_RELEASE_MONTH 6 -#define RUBY_RELEASE_DAY 5 +#define RUBY_RELEASE_DAY 25 #include "ruby/version.h" |