ossl_bn.c: fix ossl_bn_initialize bug with integer

* ext/openssl/ossl_bn.c (ossl_bn_initialize): fix buffer overflow on x64 Windows and memory leak when initializing with integer. [ruby-core:54615] [Bug #8337] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40513 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: shirosaki <shirosaki@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-04-28 13:20:11 +0000
committer: shirosaki <shirosaki@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2013-04-28 13:20:11 +0000
commit: be4aa330374d42cdead52a94144be189b5054e67 (patch)
tree: 825e3711608228e96a96648ab315bad465a92f73 /ext/openssl/ossl_bn.c
parent: 1e51f3046301c41e23b51aa75aa205dd14a440c0 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c
index 4e9734ee22..7d5c7d6347 100644
--- a/ext/openssl/ossl_bn.c
+++ b/ext/openssl/ossl_bn.c
@@ -123,11 +123,11 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
 
     if (RB_TYPE_P(str, T_FIXNUM)) {
 	long i;
-	unsigned char *bin = (unsigned char*)ALLOC_N(long, 1);
+	unsigned char *bin = (unsigned char*)ALLOCA_N(long, 1);
 	long n = FIX2LONG(str);
 	unsigned long un = labs(n);
 
-	for (i = sizeof(VALUE) - 1; 0 <= i; i--) {
+	for (i = sizeof(long) - 1; 0 <= i; i--) {
 	    bin[i] = un&0xff;
 	    un >>= 8;
 	}
@@ -154,8 +154,10 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
 
 	GetBN(self, bn);
 	if (!BN_bin2bn(bin, (int)sizeof(BDIGIT)*RBIGNUM_LENINT(str), bn)) {
+	    xfree(bin);
 	    ossl_raise(eBNError, NULL);
 	}
+	xfree(bin);
 	if (!RBIGNUM_SIGN(str)) BN_set_negative(bn, 1);
 	return self;
     }
author	shirosaki <shirosaki@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-04-28 13:20:11 +0000
committer	shirosaki <shirosaki@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2013-04-28 13:20:11 +0000
commit	be4aa330374d42cdead52a94144be189b5054e67 (patch)
tree	825e3711608228e96a96648ab315bad465a92f73 /ext/openssl/ossl_bn.c
parent	1e51f3046301c41e23b51aa75aa205dd14a440c0 (diff)