merge revision(s) 41325: [Backport #8554]

* gc.c: Fixup around GC by MALLOC. Add allocate size to malloc_increase before GC for updating limit in after_gc_sweep. Reset malloc_increase into garbage_collect() for preventing GC again soon. this backport patch is written by nari. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@41624 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-06-25 12:40:50 +0000
committer: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-06-25 12:40:50 +0000
commit: 6e7ecacc1169f634e028f523da3e660f9ee6a7b6 (patch)
tree: 83414b9d77560acfec383bf7f0e0dafb9e6f5e85
parent: 6ef15ce55a095ac8fea78d579b86b41efc9dcbab (diff)
5 files changed, 56 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 91023f06dd..607f3d96a1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+Tue Jun 25 21:38:48 2013  NAKAMURA Usaku  <usa@ruby-lang.org>
+
+	* gc.c: Fixup around GC by MALLOC.
+	  Add allocate size to malloc_increase before GC
+	  for updating limit in after_gc_sweep.
+	  Reset malloc_increase into garbage_collect()
+	  for preventing GC again soon.
+	  this backport patch is written by nari.
+
 Wed Jun  5 12:38:14 2013  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* win32/win32.c (setup_overlapped, finish_overlapped): extract from
diff --git a/ext/openssl/lib/openssl/ssl-internal.rb b/ext/openssl/lib/openssl/ssl-internal.rb
index c70b5b8f6b..356d4e8bde 100644
--- a/ext/openssl/lib/openssl/ssl-internal.rb
+++ b/ext/openssl/lib/openssl/ssl-internal.rb
@@ -88,14 +88,22 @@ module OpenSSL
       should_verify_common_name = true
       cert.extensions.each{|ext|
         next if ext.oid != "subjectAltName"
-        ext.value.split(/,\s+/).each{|general_name|
-          if /\ADNS:(.*)/ =~ general_name
+        id, ostr = OpenSSL::ASN1.decode(ext.to_der).value
+        sequence = OpenSSL::ASN1.decode(ostr.value)
+        sequence.value.each{|san|
+          case san.tag
+          when 2 # dNSName in GeneralName (RFC5280)
             should_verify_common_name = false
-            reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
+            reg = Regexp.escape(san.value).gsub(/\\\*/, "[^.]+")
             return true if /\A#{reg}\z/i =~ hostname
-          elsif /\AIP Address:(.*)/ =~ general_name
+          when 7 # iPAddress in GeneralName (RFC5280)
             should_verify_common_name = false
-            return true if $1 == hostname
+            # follows GENERAL_NAME_print() in x509v3/v3_alt.c
+            if san.value.size == 4
+              return true if san.value.unpack('C*').join('.') == hostname
+            elsif san.value.size == 16
+              return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
+            end
           end
         }
       }
diff --git a/gc.c b/gc.c
index 0f84e22966..21c9173a50 100644
--- a/gc.c
+++ b/gc.c
@@ -236,7 +236,7 @@ getrusage_time(void)
 #define GC_PROF_SET_MALLOC_INFO do {\
 	if (objspace->profile.run) {\
 	    gc_profile_record *record = &objspace->profile.record[objspace->profile.count];\
-	    record->allocate_increase = malloc_increase;\
+	    record->allocate_increase = malloc_increase + malloc_increase2;\
 	    record->allocate_limit = malloc_limit; \
 	}\
     } while(0)
@@ -352,6 +352,7 @@ typedef struct rb_objspace {
     struct {
 	size_t limit;
 	size_t increase;
+	size_t increase2;
 #if CALC_EXACT_MALLOC_SIZE
 	size_t allocated_size;
 	size_t allocations;
@@ -405,6 +406,7 @@ int *ruby_initial_gc_stress_ptr = &rb_objspace.gc_stress;
 #endif
 #define malloc_limit		objspace->malloc_params.limit
 #define malloc_increase 	objspace->malloc_params.increase
+#define malloc_increase2 	objspace->malloc_params.increase2
 #define heaps			objspace->heap.ptr
 #define heaps_length		objspace->heap.length
 #define heaps_used		objspace->heap.used
@@ -756,8 +758,9 @@ vm_malloc_prepare(rb_objspace_t *objspace, size_t size)
     size += sizeof(size_t);
 #endif
 
+    malloc_increase += size;
     if ((ruby_gc_stress && !ruby_disable_gc_stress) ||
-	(malloc_increase+size) > malloc_limit) {
+	malloc_increase > malloc_limit) {
 	garbage_collect_with_gvl(objspace);
     }
 
@@ -767,8 +770,6 @@ vm_malloc_prepare(rb_objspace_t *objspace, size_t size)
 static inline void *
 vm_malloc_fixup(rb_objspace_t *objspace, void *mem, size_t size)
 {
-    malloc_increase += size;
-
 #if CALC_EXACT_MALLOC_SIZE
     objspace->malloc_params.allocated_size += size;
     objspace->malloc_params.allocations++;
@@ -2211,6 +2212,8 @@ before_gc_sweep(rb_objspace_t *objspace)
     objspace->heap.sweep_slots = heaps;
     objspace->heap.free_num = 0;
 
+    malloc_increase2 += ATOMIC_SIZE_EXCHANGE(malloc_increase,0);
+
     /* sweep unlinked method entries */
     if (GET_VM()->unlinked_method_entry_list) {
 	rb_sweep_method_entry(GET_VM());
@@ -2227,11 +2230,12 @@ after_gc_sweep(rb_objspace_t *objspace)
         heaps_increment(objspace);
     }
 
-    if (malloc_increase > malloc_limit) {
+    if ((malloc_increase + malloc_increase2) > malloc_limit) {
 	malloc_limit += (size_t)((malloc_increase - malloc_limit) * (double)objspace->heap.live_num / (heaps_used * HEAP_OBJ_LIMIT));
 	if (malloc_limit < initial_malloc_limit) malloc_limit = initial_malloc_limit;
     }
     malloc_increase = 0;
+    malloc_increase2 = 0;
 
     free_unused_heaps(objspace);
 }
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index cf0f1b7bba..58493bf185 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -351,6 +351,28 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
     }
   end
 
+  def test_verify_certificate_identity
+    # creating NULL byte SAN certificate
+    ef = OpenSSL::X509::ExtensionFactory.new
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = OpenSSL::X509::Name.parse "/DC=some/DC=site/CN=Some Site"
+    ext = ef.create_ext('subjectAltName', 'DNS:placeholder,IP:192.168.7.1,IP:13::17')
+    ext_asn1 = OpenSSL::ASN1.decode(ext.to_der)
+    san_list_der = ext_asn1.value.reduce(nil) { |memo,val| val.tag == 4 ? val.value : memo }
+    san_list_asn1 = OpenSSL::ASN1.decode(san_list_der)
+    san_list_asn1.value[0].value = 'www.example.com\0.evil.com'
+    ext_asn1.value[1].value = san_list_asn1.to_der
+    real_ext = OpenSSL::X509::Extension.new ext_asn1
+    cert.add_extension(real_ext)
+
+    assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com'))
+    assert_equal(true,  OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com\0.evil.com'))
+    assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.255'))
+    assert_equal(true,  OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.1'))
+    assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17'))
+    assert_equal(true,  OpenSSL::SSL.verify_certificate_identity(cert, '13:0:0:0:0:0:0:17'))
+  end
+
   def test_tlsext_hostname
     return unless OpenSSL::SSL::SSLSocket.instance_methods.include?(:hostname)
 
diff --git a/version.h b/version.h
index f596ad3637..9ec6795602 100644
--- a/version.h
+++ b/version.h
@@ -1,10 +1,10 @@
 #define RUBY_VERSION "1.9.3"
-#define RUBY_PATCHLEVEL 433
+#define RUBY_PATCHLEVEL 434
 
-#define RUBY_RELEASE_DATE "2013-06-05"
+#define RUBY_RELEASE_DATE "2013-06-25"
 #define RUBY_RELEASE_YEAR 2013
 #define RUBY_RELEASE_MONTH 6
-#define RUBY_RELEASE_DAY 5
+#define RUBY_RELEASE_DAY 25
 
 #include "ruby/version.h"
author	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-06-25 12:40:50 +0000
committer	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-06-25 12:40:50 +0000
commit	6e7ecacc1169f634e028f523da3e660f9ee6a7b6 (patch)
tree	83414b9d77560acfec383bf7f0e0dafb9e6f5e85
parent	6ef15ce55a095ac8fea78d579b86b41efc9dcbab (diff)