Project

General

Profile

Actions

Backport #1091

closed

possible bad handling of return value of OCSP_basic_verify in ext/openssl/ossl_ocsp.c

Added by lucas (Lucas Nussbaum) almost 16 years ago. Updated over 13 years ago.


Description

=begin
This bug was reported on the Debian bug tracker. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528

Looking at the code, it affects both ruby 1.8 and 1.9.

Quoting:

I was looking at return codes for applications making use of
openssl functions and found this in ext/openssl/ossl_ocsp.c:

result = OCSP_basic_verify(bs, x509s, x509st, flg);
sk_X509_pop_free(x509s, X509_free);
if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));

return result ? Qtrue : Qfalse;

OCSP_basic_verify() can return both 0 and -1 in error cases,
so this function can incorrectly return information to the
caller.

I have no idea if what this code is used for and what the consequences
of this might be.
=end


Files

ext_openssl_ossl_ocsp.c.diff (905 Bytes) ext_openssl_ossl_ocsp.c.diff lrz (Laurent Sansonetti), 02/18/2009 04:13 AM
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0