Patch for CVE-2009-0642 from [ruby-core:21762] / Redmine: [Bug #1091]
Ruby 1.8 and 1.9 do not properly check the return value from the
OCSP_basic_verify function, which might allow remote attackers to
successfully present an invalid X.509 certificate, possibly
involving a revoked certificate.
--- trunk/ext/openssl/ossl_ocsp.c 2008/08/31 04:45:44 18975
+++ trunk/ext/openssl/ossl_ocsp.c 2009/02/19 06:39:52 22440
@@ -593,22 +593,22 @@
static VALUE
ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
{
- VALUE certs, store, flags;
+ VALUE certs, store, flags, result;
OCSP_BASICRESP *bs;
STACK_OF(X509) *x509s;
X509_STORE *x509st;
- int flg, result;
+ int flg;
rb_scan_args(argc, argv, "21", &certs, &store, &flags);
x509st = GetX509StorePtr(store);
flg = NIL_P(flags) ? 0 : INT2NUM(flags);
x509s = ossl_x509_ary2sk(certs);
GetOCSPBasicRes(self, bs);
- result = OCSP_basic_verify(bs, x509s, x509st, flg);
+ result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ? Qtrue : Qfalse;
sk_X509_pop_free(x509s, X509_free);
if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
- return result ? Qtrue : Qfalse;
+ return result;
}
/*
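Review bot: The unchanged context line `flg = NIL_P(flags) ? 0 : INT2NUM(flags);` converts in the wrong direction — INT2NUM boxes a C int into a Ruby VALUE, but here a Ruby VALUE is being turned into the C int passed as the verify flags, so a caller's explicit flags appear to reach OCSP_basic_verify as a garbled bit pattern rather than the intended value; the line should read `flg = NIL_P(flags) ? 0 : NUM2INT(flags);`. Since these flags control which verification steps OpenSSL performs, the conversion error belongs in the same fix rather than being left behind the return-value check this commit adds. Secondly, `if(!result)` now tests a VALUE; it works only because Qfalse is 0 in MRI 1.8/1.9, and `if (result == Qfalse)` states the intent directly. On the failure path the OpenSSL error queue is also left in place after `ERR_peek_error()`, which can surface the stale error in a later unrelated call; consider clearing it once the warning has been emitted. The hunk header counts 22 lines but 19 are visible here, so blank lines may have been dropped in rendering.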