Skip to content

Commit

Permalink
Raise an exception if the IO object passed to SSLSocket isn't a file
Browse files Browse the repository at this point in the history
SSLSocket#connect eventually calls `GetOpenFile` in order to get the
underlying file descriptor for the IO object passed in on
initialization.  `GetOpenFile` assumes that the Ruby object passed in is
a T_FILE object and just casts it to a T_FILE without any checks.  If
you pass an object that *isn't* a T_FILE to that function, the program
will segv.

Since we assume the IO object is a file in the `connect` method, this
commit adds a `CheckType` in the initialize method to ensure that the IO
object is actually a T_FILE.  If the object *isn't* a T_FILE, this class
will segv on `connect`, so I think this is a backwards compatible
change.
  • Loading branch information
tenderlove committed Oct 22, 2021

Verified

This commit was signed with the committer’s verified signature.
tenderlove Aaron Patterson
1 parent 2b3b29b commit 919fa44
Showing 2 changed files with 12 additions and 0 deletions.
1 change: 1 addition & 0 deletions ext/openssl/ossl_ssl.c
Original file line number Diff line number Diff line change
@@ -1527,6 +1527,7 @@ ossl_ssl_initialize(int argc, VALUE *argv, VALUE self)

if (rb_respond_to(io, rb_intern("nonblock=")))
rb_funcall(io, rb_intern("nonblock="), 1, Qtrue);
Check_Type(io, T_FILE);
rb_ivar_set(self, id_i_io, io);

ssl = SSL_new(ctx);
11 changes: 11 additions & 0 deletions test/openssl/test_ssl.rb
Original file line number Diff line number Diff line change
@@ -4,6 +4,17 @@
if defined?(OpenSSL)

class OpenSSL::TestSSL < OpenSSL::SSLTestCase
def test_bad_socket
bad_socket = Struct.new(:sync).new
assert_raises TypeError do
socket = OpenSSL::SSL::SSLSocket.new bad_socket
# if the socket is not a T_FILE, `connect` will segv because it tries
# to get the underlying file descriptor but the API it calls assumes
# the object type is T_FILE
socket.connect
end
end

def test_ctx_options
ctx = OpenSSL::SSL::SSLContext.new

0 comments on commit 919fa44

Please sign in to comment.