diff options
author | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-11-15 06:33:36 +0000 |
---|---|---|
committer | usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-11-15 06:33:36 +0000 |
commit | 30238f96081e47178237e58f5229850514858fd3 (patch) | |
tree | 39568dfe277111b7b4740a048ba9c18e431753fe | |
parent | 3c61aab98b22d5224adad020788f8f656f528f66 (diff) |
merge revision(s) 53064: [Backport #11810]
* ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing
protocol list.
The protocol list from OpenSSL is not null-terminated.
patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56798 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | ext/openssl/ossl_ssl.c | 17 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 15 insertions, 11 deletions
@@ -1,3 +1,10 @@ +Tue Nov 15 15:29:36 2016 NARUSE, Yui <naruse@ruby-lang.org> + + * ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing + protocol list. + The protocol list from OpenSSL is not null-terminated. + patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] + Tue Nov 15 03:55:45 2016 NARUSE, Yui <naruse@ruby-lang.org> * ext/-test/file/fs.c (get_atime_p): Updating of file access times diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 0da1eb16be..5b00cb7b76 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -614,19 +614,16 @@ ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *out { VALUE selected; long len; - unsigned char l; VALUE protocols = rb_ary_new(); + unsigned char l; + const unsigned char *in_end = in + inlen; - /* The format is len_1|proto_1|...|len_n|proto_n\0 */ - while (l = *in++) { - VALUE protocol; - if (l > inlen) { - ossl_raise(eSSLError, "Invalid protocol name list"); - } - protocol = rb_str_new((const char *)in, l); - rb_ary_push(protocols, protocol); + /* assume OpenSSL verifies this format */ + /* The format is len_1|proto_1|...|len_n|proto_n */ + while (in < in_end) { + l = *in++; + rb_ary_push(protocols, rb_str_new((const char *)in, l)); in += l; - inlen -= l; } selected = rb_funcall(cb, rb_intern("call"), 1, protocols); @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.2.6" #define RUBY_RELEASE_DATE "2016-11-15" -#define RUBY_PATCHLEVEL 395 +#define RUBY_PATCHLEVEL 396 #define RUBY_RELEASE_YEAR 2016 #define RUBY_RELEASE_MONTH 11 |