Project

General

Profile

Actions
Copy link

Backport #1091

closed

possible bad handling of return value of OCSP_basic_verify in ext/openssl/ossl_ocsp.c

Added by lucas (Lucas Nussbaum) almost 16 years ago. Updated over 13 years ago.

Status:
Closed
Assignee:
shyouhei (Shyouhei Urabe)
[ruby-core:21762]

Description

=begin
This bug was reported on the Debian bug tracker. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528

Looking at the code, it affects both ruby 1.8 and 1.9.

Quoting:

I was looking at return codes for applications making use of
openssl functions and found this in ext/openssl/ossl_ocsp.c:

result = OCSP_basic_verify(bs, x509s, x509st, flg);
sk_X509_pop_free(x509s, X509_free);
if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));

return result ? Qtrue : Qfalse;

OCSP_basic_verify() can return both 0 and -1 in error cases,
so this function can incorrectly return information to the
caller.

I have no idea if what this code is used for and what the consequences
of this might be.
=end

Files

ext_openssl_ossl_ocsp.c.diff (905 Bytes) ext_openssl_ossl_ocsp.c.diff lrz (Laurent Sansonetti), 02/18/2009 04:13 AM
Actions
Copy link
 #1

Updated by shyouhei (Shyouhei Urabe) almost 16 years ago

  • Assignee set to gotoyuzo (GOTOU Yuuzou)

=begin

=end

Actions
Copy link
 #2

Updated by lrz (Laurent Sansonetti) almost 16 years ago

=begin
Here is a patch that I quickly made for 1.8 (but could also be applied in 1.9).
=end

Actions
Copy link
 #4

Updated by nobu (Nobuyoshi Nakada) almost 16 years ago

=begin
Hi,

At Wed, 18 Feb 2009 04:12:29 +0900,
Laurent Sansonetti wrote in [ruby-core:22199]:

Here is a patch that I quickly made for 1.8 (but could also be applied in 1.9).

Do you mean that OCSP_basic_verify() returns positive value on
success?

--
Nobu Nakada

=end

Actions
Copy link
 #5

Updated by lrz (Laurent Sansonetti) over 15 years ago

=begin
Yes, a return value >0 means success (though it will apparently always return 1, for now). In the case of a failure, it can return -1 or 0.
=end

Actions
Copy link
 #6

Updated by nobu (Nobuyoshi Nakada) over 15 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

=begin
Applied in changeset r22440.
=end

Actions
Copy link
 #7

Updated by shyouhei (Shyouhei Urabe) over 15 years ago

  • Status changed from Closed to Open
  • Assignee changed from gotoyuzo (GOTOU Yuuzou) to shyouhei (Shyouhei Urabe)

=begin

=end

Actions
Copy link
 #8

Updated by shyouhei (Shyouhei Urabe) over 15 years ago

  • Status changed from Open to Closed

=begin

=end

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0