Project

General

Profile

Bug #6134

Ruby crashes when calling OpenSSL::PKCS7.new with invalid PKCS7 data

Added by mattv (Matt Venables) over 8 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Target version:
ruby -v:
ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-darwin11.3.0]
Backport:
[ruby-core:43250]

Description

Reproducing steps:
Run the following script in 1.9.3-p125 (it is attached to the issue as well)

require 'openssl'
contents = File.read(FILE)
begin
OpenSSL::PKCS7.new(contents)
puts "OK"
rescue => e
puts "Error!"
puts e
end

Expected Result:
Ruby should not crash, the exception should be caught, and the script should output:
"Error!" followed by the exception ("Could not parse the PKCS7: ...")

Actual Result:
The script outputs "Error!" followed by the exception, and ruby segfaults. (Crash report attached).
The script occasionally operates as expected, but running it 3 or 4 times will always yield the segmentation fault.

This only happens in 1.9.3 (1.9.2 is working fine).

Tested on:
1.9.3-p0 (ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-darwin11.3.0])
1.9.3-p125 (ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-darwin11.3.0])
1.9.3-head (ruby 1.9.3p163 (2012-03-06 revision 34932) [x86_64-darwin11.3.0])


Files

openssl-pkcs7-bug.rb (139 Bytes) openssl-pkcs7-bug.rb The sample script that exhibits this behavior mattv (Matt Venables), 03/13/2012 01:44 AM
ruby_2012-03-12-123740_Matt-Venables-Macbook-Pro.crash (10.2 KB) ruby_2012-03-12-123740_Matt-Venables-Macbook-Pro.crash The crash report mattv (Matt Venables), 03/13/2012 01:44 AM

Also available in: Atom PDF