diff options
author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-08-15 04:34:29 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-08-15 04:34:29 +0000 |
commit | 13f33b22e129faf55cf3625b642f665f98db736e (patch) | |
tree | c798682a4087ee0d07e7fbaae138e71fd7f78f3a | |
parent | 33e39a76578517f0eb70f538e032c8dfc3416173 (diff) |
ossl_ssl.c: check SSL method name
* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ssl_version): SSL method
name must not contain NUL. preserve the encoding of message.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ext/openssl/ossl_ssl.c | 4 | ||||
-rw-r--r-- | test/openssl/test_ssl.rb | 10 |
2 files changed, 12 insertions, 2 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index eaa3dfa2e1..f7cb7f0465 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -180,7 +180,7 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method) SSL_CTX *ctx; if (RB_TYPE_P(ssl_method, T_SYMBOL)) m = rb_sym2str(ssl_method); - s = StringValuePtr(m); + s = StringValueCStr(m); for (i = 0; i < numberof(ossl_ssl_method_tab); i++) { if (strcmp(ossl_ssl_method_tab[i].name, s) == 0) { method = ossl_ssl_method_tab[i].func(); @@ -188,7 +188,7 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method) } } if (!method) { - ossl_raise(rb_eArgError, "unknown SSL method `%s'.", s); + ossl_raise(rb_eArgError, "unknown SSL method `%"PRIsVALUE"'.", m); } GetSSLCTX(self, ctx); if (SSL_CTX_set_ssl_version(ctx, method) != 1) { diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index c08842ac5e..55dc518aa6 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb @@ -10,6 +10,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase assert_equal(ctx.setup, nil) end + def test_ctx_setup_invalid + m = OpenSSL::SSL::SSLContext::METHODS.first + assert_raise_with_message(ArgumentError, /null/) { + OpenSSL::SSL::SSLContext.new("#{m}\0") + } + assert_raise_with_message(ArgumentError, /\u{ff33 ff33 ff2c}/) { + OpenSSL::SSL::SSLContext.new("\u{ff33 ff33 ff2c}") + } + end + def test_options_defaults_to_OP_ALL ctx = OpenSSL::SSL::SSLContext.new assert_equal OpenSSL::SSL::OP_ALL, ctx.options |