From: Matt Venables <mattvenables@...>
Date: 2012-03-13T22:34:43+09:00
Subject: [ruby-core:43264] [ruby-trunk - Bug #6134] Ruby crashes when calling OpenSSL::PKCS7.new with invalid PKCS7 data


Issue #6134 has been updated by Matt Venables.


Running "openssl version" gives me (I don't believe this has been upgraded):
OpenSSL 0.9.8r 8 Feb 2011

I reinstalled 1.9.2-p318 (and 1.9.2-p180) and everything worked as expected (same as before - no segfault).  I then reinstalled 1.9.3-p125 and 1.9.3-head (p163) and had the same segfault on both versions.

For completeness, I tried the same code on a clean Ubuntu install (Ubuntu 11.10 codename oneiric) with the exact same results (1.9.2 passes, 1.9.3-p125 and 1.9.3-head both segfault)

openssl version: OpenSSL 1.0.0e 6 Sep 2011
ruby 1.9.2 version (PASS): ruby 1.9.2p290 (2011-07-09 revision 32553) [x86_64-linux]
ruby 1.9.3 version (SEGFAULT): ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-linux]
ruby 1.9.3-head version (SEGFAULT): ruby 1.9.3p163 (2012-03-06 revision 34932) [x86_64-linux]

Another thing worth noting - if the test script was modified to use valid PKCS7 data, the script passes on all systems.  It only segfaults when invalid data is used.

----------------------------------------
Bug #6134: Ruby crashes when calling OpenSSL::PKCS7.new with invalid PKCS7 data
https://bugs.ruby-lang.org/issues/6134

Author: Matt Venables
Status: Assigned
Priority: Normal
Assignee: Martin Bosslet
Category: ext
Target version: 1.9.3
ruby -v: ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-darwin11.3.0]


Reproducing steps: 
Run the following script in 1.9.3-p125 (it is attached to the issue as well)

require 'openssl'
contents = File.read(__FILE__)
begin
  OpenSSL::PKCS7.new(contents)
  puts "OK"
rescue => e
  puts "Error!"
  puts e
end


Expected Result:
Ruby should not crash,  the exception should be caught, and the script should output: 
"Error!" followed by the exception ("Could not parse the PKCS7: ...")

Actual Result:
The script outputs "Error!" followed by the exception, and ruby segfaults. (Crash report attached).
The script occasionally operates as expected, but running it 3 or 4 times will always yield the segmentation fault.

This only happens in 1.9.3 (1.9.2 is working fine).

Tested on:
1.9.3-p0 (ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-darwin11.3.0])
1.9.3-p125 (ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-darwin11.3.0])
1.9.3-head (ruby 1.9.3p163 (2012-03-06 revision 34932) [x86_64-darwin11.3.0])


-- 
http://bugs.ruby-lang.org/