Bug #10268 (closed)
OpenSSL::PKey::EC::Point#mul causes a segmentation fault
Description
The following code sometimes causes a SEGV on Ubuntu 14.04 x86_64.
A backtrace log is attached.
require 'openssl'
GC.stress = true
ec = OpenSSL::PKey::EC.new <<_end_of_pem_
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIID49FDqcf1O1eO8saTgG70UbXQw9Fqwseliit2aWhH1oAoGCCqGSM49
AwEHoUQDQgAEFglk2c+oVUIKQ64eZG9bhLNPWB7lSZ/ArK41eGy5wAzU/0G51Xtt
CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
-----END EC PRIVATE KEY-----
_end_of_pem_
p1 = ec.public_key
p1.mul([nil], [p1])
Updated by oak (Danilo Martins) about 9 years ago
- File dif_GetBNPtr.patch added
This bug is due to passing null pointers to EC_POINTs_mul(). This function, in turn, does not handle null pointer arguments. Looking over the code, there are several points where the results of GetBNPtr() are used without checking for null values. The fix is a one-line change. This does not break any tests.
Updated by Anonymous about 8 years ago
- Status changed from Open to Closed
Applied in changeset r55048.
ext/openssl: refactor OpenSSL::PKey::EC::Point#mul
- ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): Validate the
  arguments before passing to EC_POINT(s)_mul(). Add description of this
  method. [ruby-core:65152] [Bug #10268]
- test/openssl/test_pkey_ec.rb (test_ec_point_mul): Test that
  OpenSSL::PKey::EC::Point#mul works.
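
The root cause described in this thread (a converter that yields NULL for nil, feeding a routine that does not accept NULL) and the validate-first shape of the fix, as an added C model that is not the Ruby or OpenSSL source. `bn_t`, `value_t`, `get_bn_ptr`, `native_mul`, `checked_mul` and `MAX_TERMS` are hypothetical stand-ins, and points reuse the scalar stand-in type for brevity.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in types (assumptions, not OpenSSL's or Ruby's definitions). */
typedef struct { long v; } bn_t;                  /* plays the role of a BIGNUM */
typedef struct { int is_nil; bn_t bn; } value_t;  /* plays the role of a Ruby value */

enum { MUL_OK = 0, MUL_ERR_NIL = -1, MUL_ERR_TOO_MANY = -2, MAX_TERMS = 8 };

/* Converter modelled on the report: nil converts to NULL, no error raised. */
static const bn_t *get_bn_ptr(const value_t *val) {
    return val->is_nil ? NULL : &val->bn;
}

/* Callee modelled on the report: dereferences every entry, no NULL handling. */
static long native_mul(const bn_t *const *bns, const bn_t *const *pts, size_t n) {
    long acc = 0;
    for (size_t i = 0; i < n; i++)
        acc += bns[i]->v * pts[i]->v;
    return acc;
}

/* Hardened wrapper: convert and check every element first, and only then
 * call the NULL-intolerant routine. On failure *out is left untouched. */
static int checked_mul(const value_t *bns, const value_t *pts, size_t n, long *out) {
    const bn_t *b[MAX_TERMS], *p[MAX_TERMS];
    if (n > MAX_TERMS)
        return MUL_ERR_TOO_MANY;
    for (size_t i = 0; i < n; i++) {
        b[i] = get_bn_ptr(&bns[i]);
        p[i] = get_bn_ptr(&pts[i]);
        if (b[i] == NULL || p[i] == NULL)
            return MUL_ERR_NIL;  /* reject instead of crashing */
    }
    *out = native_mul(b, p, n);
    return MUL_OK;
}

int main(void) {
    /* Constructed inputs: same shape as the reproducer (one nil scalar, one valid point). */
    value_t nil = { 1, { 0 } }, three = { 0, { 3 } }, five = { 0, { 5 } };
    long r = 0;
    int rc = checked_mul(&nil, &five, 1, &r);
    printf("nil scalar: rc=%d\n", rc);
    rc = checked_mul(&three, &five, 1, &r);
    printf("valid pair: rc=%d result=%ld\n", rc, r);
    return 0;
}
```
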