Project

General

Profile

Actions

Bug #15760

closed

OpenSSL::BN.new(nil, 2) dumps core

Added by mame (Yusuke Endoh) almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Target version:
-
ruby -v:
ruby 2.7.0dev (2019-04-10 trunk 67496) [x86_64-linux]
[ruby-core:92231]

Description

ext/openssl/ossl_bn.c

 221         if (!BN_bin2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
 222             ossl_raise(eBNError, NULL);
 223         }
 224         break;

This code depends on the evaluation order of function arguments. It works if StringValuePtr(str) is evaluated earlier than RSTRING_LENINT(str), but it doesn't if the order is reversed, which causes core dump.

Actions

Also available in: Atom PDF