merge revision(s) 53064: [Backport #11810]

* ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing protocol list. The protocol list from OpenSSL is not null-terminated. patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56798 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-11-15 06:33:36 +0000
committer: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-11-15 06:33:36 +0000
commit: 30238f96081e47178237e58f5229850514858fd3 (patch)
tree: 39568dfe277111b7b4740a048ba9c18e431753fe
parent: 3c61aab98b22d5224adad020788f8f656f528f66 (diff)
3 files changed, 15 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index cae6e73df6..f8f303e59c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Tue Nov 15 15:29:36 2016  NARUSE, Yui  <naruse@ruby-lang.org>
+
+	* ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing
+	  protocol list.
+	  The protocol list from OpenSSL is not null-terminated.
+	  patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082]
+
 Tue Nov 15 03:55:45 2016  NARUSE, Yui  <naruse@ruby-lang.org>
 
 	* ext/-test/file/fs.c (get_atime_p): Updating of file access times
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 0da1eb16be..5b00cb7b76 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -614,19 +614,16 @@ ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *out
 {
     VALUE selected;
     long len;
-    unsigned char l;
     VALUE protocols = rb_ary_new();
+    unsigned char l;
+    const unsigned char *in_end = in + inlen;
 
-    /* The format is len_1|proto_1|...|len_n|proto_n\0 */
-    while (l = *in++) {
-	VALUE protocol;
-	if (l > inlen) {
-	    ossl_raise(eSSLError, "Invalid protocol name list");
-	}
-	protocol = rb_str_new((const char *)in, l);
-	rb_ary_push(protocols, protocol);
+    /* assume OpenSSL verifies this format */
+    /* The format is len_1|proto_1|...|len_n|proto_n */
+    while (in < in_end) {
+	l = *in++;
+	rb_ary_push(protocols, rb_str_new((const char *)in, l));
 	in += l;
-	inlen -= l;
     }
 
     selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
diff --git a/version.h b/version.h
index 1834ed704a..6e2d70de01 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.2.6"
 #define RUBY_RELEASE_DATE "2016-11-15"
-#define RUBY_PATCHLEVEL 395
+#define RUBY_PATCHLEVEL 396
 
 #define RUBY_RELEASE_YEAR 2016
 #define RUBY_RELEASE_MONTH 11
author	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-11-15 06:33:36 +0000
committer	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-11-15 06:33:36 +0000
commit	30238f96081e47178237e58f5229850514858fd3 (patch)
tree	39568dfe277111b7b4740a048ba9c18e431753fe
parent	3c61aab98b22d5224adad020788f8f656f528f66 (diff)