Bug #10268

closed

OpenSSL::PKey::EC::Point#mul causes a segmentation fault

Added by ktsj (Kazuki Tsujimoto) over 9 years ago. Updated almost 8 years ago.

Status: Closed
Assignee: -
Target version: -
ruby -v: ruby 2.2.0dev (2014-09-20 trunk 47651) [x86_64-linux]
[ruby-core:65152]

Description

The following code sometimes causes a SEGV on Ubuntu 14.04 x86_64.
The backtrace log is attached.

require 'openssl'

GC.stress = true

ec = OpenSSL::PKey::EC.new <<_end_of_pem_
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIID49FDqcf1O1eO8saTgG70UbXQw9Fqwseliit2aWhH1oAoGCCqGSM49
AwEHoUQDQgAEFglk2c+oVUIKQ64eZG9bhLNPWB7lSZ/ArK41eGy5wAzU/0G51Xtt
CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
-----END EC PRIVATE KEY-----
_end_of_pem_

p1 = ec.public_key
p1.mul([nil], [p1])

Files

backtrace.log (1.92 KB), ktsj (Kazuki Tsujimoto), 09/20/2014 05:43 AM
dif_GetBNPtr.patch (360 Bytes), oak (Danilo Martins), 05/15/2015 08:59 PM

Updated by oak (Danilo Martins) almost 9 years ago

This bug is due to passing null pointers to EC_POINTs_mul(). This function, in turn, does not handle null pointer arguments. Looking over the code, there are several points where the results of GetBNPtr() are used without checking for null values. The fix is a one-line change. This does not break any tests.

Updated by zzak (zzak _) over 8 years ago

  • Assignee set to 7150

Updated by Anonymous almost 8 years ago

  • Status changed from Open to Closed

Applied in changeset r55048.


ext/openssl: refactor OpenSSL::PKey::EC::Point#mul

  • ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): Validate the
    arguments before passing to EC_POINT(s)_mul(). Add description of this
    method. [ruby-core:65152] [Bug #10268]

  • test/openssl/test_pkey_ec.rb (test_ec_point_mul): Test that
    OpenSSL::PKey::EC::Point#mul works.
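
A regression check for the behaviour tracked in this issue, as an added example (not code from the report, the attached patch or the changeset): it runs the reporter's call in a child interpreter under GC.stress and reports whether the child crashed or the nil argument was handled. The generated P-256 key, the exit codes and the helper names `classify` and `check_point_mul_nil` are assumptions of this example.

```ruby
require 'rbconfig'

# Child script: the call shape from the report. Assumption: a freshly
# generated P-256 key exercises the same path as the PEM key in the report.
CHILD = <<~'RUBY'
  begin
    require 'openssl'
  rescue LoadError
    exit! 3                      # openssl extension not available
  end
  point = OpenSSL::PKey::EC.generate('prime256v1').public_key
  GC.stress = true               # same GC pressure as the report
  begin
    point.mul([nil], [point])    # nil where a bignum is expected
    code = 0                     # call returned normally
  rescue Exception               # TypeError, NotImplementedError, ...
    code = 2                     # argument rejected with a Ruby exception
  end
  GC.stress = false
  exit! code
RUBY

# Map a Process::Status to an outcome. A segmentation fault ends with the
# interpreter aborting, so the child is reported as killed by a signal
# instead of exiting with one of the codes above.
def classify(status)
  return :crashed if status.signaled?
  { 0 => :returned, 2 => :rejected, 3 => :unavailable }
    .fetch(status.exitstatus, :error)
end

# Hypothetical helper: run the child script and classify how it ended.
def check_point_mul_nil
  pid = Process.spawn(RbConfig.ruby, '-e', CHILD,
                      out: File::NULL, err: File::NULL)
  _, status = Process.wait2(pid)
  classify(status)
end

puts "Point#mul([nil], [point]): #{check_point_mul_nil}" if $PROGRAM_NAME == __FILE__
```

Running the call in a child process keeps a crash from taking down the test runner itself, which is why the check inspects the exit status instead of rescuing in-process.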
