merge revision(s) r45595: [Backport ruby#9743] [Backport ruby#9745]

nagachika · nagachika · commit eabdb7b555c2 · 2014-05-04T17:44:00.000Z
* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal() finalizes only a copy of the digest context, the context must be cleaned up after initialization by EVP_MD_CTX_cleanup() or a memory leak will occur. [ruby-core:62038] [Bug ruby#9743] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@45821 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,10 @@
+Mon May  5 02:35:20 2014  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal()
+	  finalizes only a copy of the digest context, the context must be
+	  cleaned up after initialization by EVP_MD_CTX_cleanup() or a
+	  memory leak will occur.  [ruby-core:62038] [Bug #9743]
+
 Mon May  5 02:21:48 2014  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* ext/dl/cptr.c (dlptr_free), ext/dl/handle.c (dlhandle_free),
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
@@ -318,13 +318,16 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
 {
     EVP_PKEY *pkey;
     EVP_MD_CTX ctx;
+    int result;
 
     GetPKey(self, pkey);
-    EVP_VerifyInit(&ctx, GetDigestPtr(digest));
     StringValue(sig);
     StringValue(data);
+    EVP_VerifyInit(&ctx, GetDigestPtr(digest));
     EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
-    switch (EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey)) {
+    result = EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey);
+    EVP_MD_CTX_cleanup(&ctx);
+    switch (result) {
     case 0:
 	return Qfalse;
     case 1:
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
@@ -75,6 +75,36 @@ def test_sign_verify
     assert(key.verify(digest, sig, data))
   end
 
+  def test_sign_verify_memory_leak
+    bug9743 = '[ruby-core:62038] [Bug #9743]'
+    assert_no_memory_leak(%w[-ropenssl], <<-PREP, <<-CODE, bug9743, rss: true)
+    data = 'Sign me!'
+    digest = OpenSSL::Digest::SHA512.new
+    pkey = OpenSSL::PKey::RSA.new(2048)
+    signature = pkey.sign(digest, data)
+    pub_key = pkey.public_key
+    PREP
+    20_000.times {
+      pub_key.verify(digest, signature, data)
+    }
+    CODE
+
+    assert_no_memory_leak(%w[-ropenssl], <<-PREP, <<-CODE, bug9743, rss: true)
+    data = 'Sign me!'
+    digest = OpenSSL::Digest::SHA512.new
+    pkey = OpenSSL::PKey::RSA.new(2048)
+    signature = pkey.sign(digest, data)
+    pub_key = pkey.public_key
+    PREP
+    20_000.times {
+      begin
+        pub_key.verify(digest, signature, 1)
+      rescue TypeError
+      end
+    }
+    CODE
+  end
+
   def test_digest_state_irrelevant_sign
     key = OpenSSL::TestUtils::TEST_KEY_RSA1024
     digest1 = OpenSSL::Digest::SHA1.new
diff --git a/version.h b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.1.2"
 #define RUBY_RELEASE_DATE "2014-05-05"
-#define RUBY_PATCHLEVEL 91
+#define RUBY_PATCHLEVEL 92
 
 #define RUBY_RELEASE_YEAR 2014
 #define RUBY_RELEASE_MONTH 5
