ossl_ssl.c: check SSL method name

* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version): SSL method
  name must not contain NUL.  preserve the encoding of message.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 12 insertions, 2 deletions

diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index eaa3dfa2e1..f7cb7f0465 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -180,7 +180,7 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
     SSL_CTX *ctx;
     if (RB_TYPE_P(ssl_method, T_SYMBOL))
 	m = rb_sym2str(ssl_method);
-    s = StringValuePtr(m);
+    s = StringValueCStr(m);
     for (i = 0; i < numberof(ossl_ssl_method_tab); i++) {
         if (strcmp(ossl_ssl_method_tab[i].name, s) == 0) {
             method = ossl_ssl_method_tab[i].func();
@@ -188,7 +188,7 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
         }
     }
     if (!method) {
-        ossl_raise(rb_eArgError, "unknown SSL method `%s'.", s);
+        ossl_raise(rb_eArgError, "unknown SSL method `%"PRIsVALUE"'.", m);
     }
     GetSSLCTX(self, ctx);
     if (SSL_CTX_set_ssl_version(ctx, method) != 1) {
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index c08842ac5e..55dc518aa6 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -10,6 +10,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
     assert_equal(ctx.setup, nil)
   end
 
+  def test_ctx_setup_invalid
+    m = OpenSSL::SSL::SSLContext::METHODS.first
+    assert_raise_with_message(ArgumentError, /null/) {
+      OpenSSL::SSL::SSLContext.new("#{m}\0")
+    }
+    assert_raise_with_message(ArgumentError, /\u{ff33 ff33 ff2c}/) {
+      OpenSSL::SSL::SSLContext.new("\u{ff33 ff33 ff2c}")
+    }
+  end
+
   def test_options_defaults_to_OP_ALL
     ctx = OpenSSL::SSL::SSLContext.new
     assert_equal OpenSSL::SSL::OP_ALL, ctx.options