Project

General

Profile

Bug #12428

OpenSSL::PKey::RSA.public_encrypt crashes ruby when initiated without key size.

Added by cjeon (CHEOLHO JEON) about 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
openssl
Target version:
-
ruby -v:
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin15]
[ruby-core:75720]

Description

Hi, I think I found a bug. OpenSSL::PKey::RSA initiated without keysize crashes when public_encrypt is called.
Below script will crash ruby (it is attached as opensslcrash.rb)

require('openssl')
p = OpenSSL::PKey::RSA.new
p.public_encrypt('hi')

I'm attaching error message(ruby opensslcrash.rb &> error_message.txt) and crash reports under /Users/CJeon/Library/Logs/DiagnosticReports.

Let me know if you guys need further information. Thanks!


Files

error_message.txt (7.03 KB) error_message.txt error message cjeon (CHEOLHO JEON), 05/25/2016 11:28 AM
crash.tar (149 KB) crash.tar crash reports cjeon (CHEOLHO JEON), 05/25/2016 11:28 AM
opensslcrash.rb (276 Bytes) opensslcrash.rb cjeon (CHEOLHO JEON), 05/25/2016 11:34 AM

Related issues

Has duplicate Ruby master - Bug #12865: openssl: segmentation fault when nil is passed as keyClosedActions

Associated revisions

Revision a1d9afc2
Added by rhe about 3 years ago

openssl: avoid NULL dereference in {DH,DSA,RSA}_size()

  • ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
    has 'p' (the prime) before calling DH_size(). We can create a DH with
    no parameter but DH_size() does not check and dereferences NULL.
    [ruby-core:75720] [Bug #12428]

  • ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
    not check dsa->q.

  • ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
    ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
    ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55175 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 55175
Added by rhenium (Kazuki Yamaguchi) about 3 years ago

openssl: avoid NULL dereference in {DH,DSA,RSA}_size()

  • ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
    has 'p' (the prime) before calling DH_size(). We can create a DH with
    no parameter but DH_size() does not check and dereferences NULL.
    [ruby-core:75720] [Bug #12428]

  • ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
    not check dsa->q.

  • ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
    ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
    ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.

Revision 55175
Added by rhe about 3 years ago

openssl: avoid NULL dereference in {DH,DSA,RSA}_size()

  • ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
    has 'p' (the prime) before calling DH_size(). We can create a DH with
    no parameter but DH_size() does not check and dereferences NULL.
    [ruby-core:75720] [Bug #12428]

  • ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
    not check dsa->q.

  • ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
    ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
    ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.

Revision 55175
Added by rhe about 3 years ago

openssl: avoid NULL dereference in {DH,DSA,RSA}_size()

  • ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
    has 'p' (the prime) before calling DH_size(). We can create a DH with
    no parameter but DH_size() does not check and dereferences NULL.
    [ruby-core:75720] [Bug #12428]

  • ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
    not check dsa->q.

  • ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
    ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
    ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.

Revision 55175
Added by rhe about 3 years ago

openssl: avoid NULL dereference in {DH,DSA,RSA}_size()

  • ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
    has 'p' (the prime) before calling DH_size(). We can create a DH with
    no parameter but DH_size() does not check and dereferences NULL.
    [ruby-core:75720] [Bug #12428]

  • ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
    not check dsa->q.

  • ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
    ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
    ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.

Revision 243d224f
Added by nagachika (Tomoyuki Chikanaga) about 3 years ago

merge revision(s) 55175: [Backport #12428]

    * ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
      has 'p' (the prime) before calling DH_size(). We can create a DH with
      no parameter but DH_size() does not check and dereferences NULL.
      [ruby-core:75720] [Bug #12428]

    * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
      not check dsa->q.

    * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
      ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
      ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@55904 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 55904
Added by nagachika (Tomoyuki Chikanaga) about 3 years ago

merge revision(s) 55175: [Backport #12428]

* ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
  has 'p' (the prime) before calling DH_size(). We can create a DH with
  no parameter but DH_size() does not check and dereferences NULL.
  [ruby-core:75720] [Bug #12428]

* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
  not check dsa->q.

* ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
  ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
  ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.

Revision ef62988e
Added by usa (Usaku NAKAMURA) about 3 years ago

merge revision(s) 55175: [Backport #12428]

    * ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
      has 'p' (the prime) before calling DH_size(). We can create a DH with
      no parameter but DH_size() does not check and dereferences NULL.
      [ruby-core:75720] [Bug #12428]

    * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
      not check dsa->q.

    * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
      ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
      ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@55935 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 55935
Added by usa (Usaku NAKAMURA) about 3 years ago

merge revision(s) 55175: [Backport #12428]

* ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
  has 'p' (the prime) before calling DH_size(). We can create a DH with
  no parameter but DH_size() does not check and dereferences NULL.
  [ruby-core:75720] [Bug #12428]

* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
  not check dsa->q.

* ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
  ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
  ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.

History

#2

Updated by Anonymous about 3 years ago

  • Status changed from Open to Closed

Applied in changeset r55175.


openssl: avoid NULL dereference in {DH,DSA,RSA}_size()

  • ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
    has 'p' (the prime) before calling DH_size(). We can create a DH with
    no parameter but DH_size() does not check and dereferences NULL.
    [ruby-core:75720] [Bug #12428]

  • ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
    not check dsa->q.

  • ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
    ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
    ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.

Updated by usa (Usaku NAKAMURA) about 3 years ago

  • Backport changed from 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN to 2.1: WONTFIX, 2.2: REQUIRED, 2.3: REQUIRED

Updated by nagachika (Tomoyuki Chikanaga) about 3 years ago

  • Backport changed from 2.1: WONTFIX, 2.2: REQUIRED, 2.3: REQUIRED to 2.1: WONTFIX, 2.2: REQUIRED, 2.3: DONE

ruby_2_3 r55904 merged revision(s) 55175.

Updated by usa (Usaku NAKAMURA) about 3 years ago

  • Backport changed from 2.1: WONTFIX, 2.2: REQUIRED, 2.3: DONE to 2.1: WONTFIX, 2.2: DONE, 2.3: DONE

ruby_2_2 r55935 merged revision(s) 55175.

#6

Updated by nobu (Nobuyoshi Nakada) almost 3 years ago

  • Has duplicate Bug #12865: openssl: segmentation fault when nil is passed as key added

Also available in: Atom PDF