Backport #1091: possible bad handling of return value of OCSP_basic_verify in ext/openssl/ossl_ocsp.c - Backport187 - Ruby Issue Tracking System

Actions

Copy link

Backport #1091

closed

possible bad handling of return value of OCSP_basic_verify in ext/openssl/ossl_ocsp.c

Added by lucas (Lucas Nussbaum) about 15 years ago. Updated about 13 years ago.

Status:

Closed

Assignee:

shyouhei (Shyouhei Urabe)

[ruby-core:21762]

Description

=begin
This bug was reported on the Debian bug tracker. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528

Looking at the code, it affects both ruby 1.8 and 1.9.

Quoting:

I was looking at return codes for applications making use of
openssl functions and found this in ext/openssl/ossl_ocsp.c:
result = OCSP_basic_verify(bs, x509s, x509st, flg);
sk_X509_pop_free(x509s, X509_free);
if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));

return result ? Qtrue : Qfalse;
OCSP_basic_verify() can return both 0 and -1 in error cases,
so this function can incorrectly return information to the
caller.

I have no idea if what this code is used for and what the consequences
of this might be.
=end

Files

ext_openssl_ossl_ocsp.c.diff (905 Bytes) ext_openssl_ossl_ocsp.c.diff

lrz (Laurent Sansonetti), 02/18/2009 04:13 AM

Actions

Copy link

Also available in: Atom PDF

Like0

Like0Like0Like0Like0Like0Like0Like0Like0

Project

General

Profile

Ruby » Backport187

Custom queries

Backport #1091

possible bad handling of return value of OCSP_basic_verify in ext/openssl/ossl_ocsp.c

Updated by shyouhei (Shyouhei Urabe) about 15 years ago

Updated by lrz (Laurent Sansonetti) about 15 years ago

Updated by lrz (Laurent Sansonetti) about 15 years ago

Updated by nobu (Nobuyoshi Nakada) about 15 years ago

Updated by lrz (Laurent Sansonetti) about 15 years ago

Updated by nobu (Nobuyoshi Nakada) about 15 years ago

Updated by shyouhei (Shyouhei Urabe) almost 15 years ago

Updated by shyouhei (Shyouhei Urabe) almost 15 years ago