Bug #9592

Fix segfault with old OpenSSL

Added by Nobuyoshi Nakada over 1 year ago. Updated over 1 year ago.

[ruby-dev:48018]
Status:Closed
Priority:Normal
Assignee:-
ruby -v:r45270 Backport:1.9.3: DONE, 2.0.0: DONE, 2.1: DONE

Description

r44572 以降、古いOpenSSL(0.9.8kで確認)で、SSL connectionに失敗したときにSEGVすることがあります。

$ ruby -rnet/https -e 'Net::HTTP.get(URI("https://brandymelvilleusa.com"))'
/app/vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918: [BUG] Segmentation fault
ruby 2.0.0p451 (2014-02-24 revision 45167) [x86_64-linux]

r45271 で修正したのでバックポートをお願いします。


Related issues

Related to Backport193 - Backport #9672: backport r45271 Closed 03/25/2014

Associated revisions

Revision 45271
Added by Nobuyoshi Nakada over 1 year ago

ossl.c: NULL check

  • ext/openssl/ossl.c (ossl_make_error): check NULL for unknown error reasons with old OpenSSL, and insert a colon iff formatted message is not empty.

Revision 45472
Added by Tomoyuki Chikanaga over 1 year ago

merge revision(s) r45271: [Backport #9592] [Backport #9670]

* ext/openssl/ossl.c (ossl_make_error): check NULL for unknown
  error reasons with old OpenSSL, and insert a colon iff formatted
  message is not empty.

Revision 45778
Added by Tomoyuki Chikanaga over 1 year ago

merge revision(s) r45271: [Backport #9592] [Backport #9671]

* ext/openssl/ossl.c (ossl_make_error): check NULL for unknown
  error reasons with old OpenSSL, and insert a colon iff formatted
  message is not empty.

History

#1 Updated by Nobuyoshi Nakada over 1 year ago

  • Description updated (diff)

#2 Updated by Nobuyoshi Nakada over 1 year ago

security fixではないですが、明らかなregressionなので1.9.3にも必要かもしれません。

#3 Updated by Tomoyuki Chikanaga over 1 year ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

Applied in changeset ruby-200:r45472.


merge revision(s) r45271: [Backport #9592] [Backport #9670]

* ext/openssl/ossl.c (ossl_make_error): check NULL for unknown
  error reasons with old OpenSSL, and insert a colon iff formatted
  message is not empty.

#4 Updated by Tomoyuki Chikanaga over 1 year ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: REQUIRED, 2.0.0: DONE, 2.1: REQUIRED

r45271 was backported to ruby_2_0_0 at r45472.

コミット連動で閉じてしまいましたが、trunk では修正済みなので Closed にした上で Backport 欄を使うということでそのままにしておきます。

#5 Updated by Usaku NAKAMURA over 1 year ago

#6 Updated by Usaku NAKAMURA over 1 year ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: DONE, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: DONE, 2.1: REQUIRED

backported into ruby_1_9_3 at r45485. (see #9672)

#7 Updated by Nathan Youngman over 1 year ago

We saw this error in production with Ruby 2.1.1p76 on Heroku, but I don't know how to reproduce it. Is a backport to 2.1.1 planned? Or including the fix in 2.1.2?

Apr 22 08:03:01 app/worker.1:  /app/vendor/ruby-2.1.1/lib/ruby/2.1.0/net/http.rb:920: [BUG] Segmentation fault at 0x00000000000000 
Apr 22 08:03:01 app/worker.1:  ruby 2.1.1p76 (2014-02-24 revision 45161) [x86_64-linux] 

#8 Updated by Nobuyoshi Nakada over 1 year ago

I suspect it occurs only with very old version OpenSSL, I can't reproduce it on other platforms at least.

It is planned to backport to 2.1, and the next 2.1 will be 2.1.2.

#9 Updated by Nathan Youngman over 1 year ago

Nobuyoshi Nakada wrote:

I suspect it occurs only with very old version OpenSSL, I can't reproduce it on other platforms at least.

Yes, Heroku is running OpenSSL 0.9.8k 25 Mar 2009 on their Cedar stack.
(heroku run openssl version)

It is planned to backport to 2.1, and the next 2.1 will be 2.1.2.

Thanks. Looking forward to 2.1.2.

#10 Updated by Tomoyuki Chikanaga over 1 year ago

  • Backport changed from 1.9.3: DONE, 2.0.0: DONE, 2.1: REQUIRED to 1.9.3: DONE, 2.0.0: DONE, 2.1: DONE

r45271 was backported into ruby_2_1 branch at r45778.

Also available in: Atom PDF