Skip to content

Commit eb73428

Browse files
kareskares
committed
[fix] avoid NPE when CRL fails to parse (invalid str)
this resolves jruby/jruby#5619
1 parent 06176cb commit eb73428

File tree

2 files changed

+12
-10
lines changed

2 files changed

+12
-10
lines changed

src/main/java/org/jruby/ext/openssl/X509CRL.java

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -175,25 +175,21 @@ private byte[] getSignature() {
175175
return getCRL().getSignature();
176176
}
177177

178-
private static boolean avoidJavaSecurity = false;
178+
private static final boolean avoidJavaSecurity = false; // true NOT SUPPORTED
179179

180-
private static java.security.cert.X509CRL generateCRL(
181-
final byte[] bytes, final int offset, final int length)
180+
private static java.security.cert.X509CRL generateCRL(final byte[] bytes, final int offset, final int length)
182181
throws GeneralSecurityException {
183182
CertificateFactory factory = SecurityHelper.getCertificateFactory("X.509");
184-
return (java.security.cert.X509CRL) factory.generateCRL(
185-
new ByteArrayInputStream(bytes, offset, length)
186-
);
183+
return (java.security.cert.X509CRL) factory.generateCRL(new ByteArrayInputStream(bytes, offset, length));
187184
}
188185

189-
private static X509CRLHolder parseCRLHolder(
190-
final byte[] bytes, final int offset, final int length) throws IOException {
186+
private static X509CRLHolder parseCRLHolder(final byte[] bytes, final int offset, final int length)
187+
throws IOException {
191188
return new X509CRLHolder(new ByteArrayInputStream(bytes, offset, length));
192189
}
193190

194191
@JRubyMethod(name = "initialize", rest = true, visibility = Visibility.PRIVATE)
195-
public IRubyObject initialize(final ThreadContext context,
196-
final IRubyObject[] args, final Block block) {
192+
public IRubyObject initialize(final ThreadContext context, final IRubyObject[] args, final Block block) {
197193
final Ruby runtime = context.runtime;
198194

199195
this.extensions = runtime.newArray(8);
@@ -220,6 +216,10 @@ public IRubyObject initialize(final ThreadContext context,
220216
throw newCRLError(runtime, e);
221217
}
222218

219+
if (this.crl == null) {
220+
throw newCRLError(runtime, ""); // MRI: "header too long" for OpenSSL::X509::CRL.new('')
221+
}
222+
223223
set_last_update( context, RubyTime.newTime(runtime, crl.getThisUpdate().getTime()) );
224224
set_next_update( context, RubyTime.newTime(runtime, crl.getNextUpdate().getTime()) );
225225
set_issuer( X509Name.newName(runtime, crl.getIssuerX500Principal()) );

src/test/ruby/x509/test_x509crl.rb

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@ def test_new_crl
1616
if RUBY_VERSION >= '2.0.0' || defined? JRUBY_VERSION
1717
assert crl.inspect.index('#<OpenSSL::X509::CRL:') == 0, crl.inspect
1818
end
19+
20+
assert_raises(OpenSSL::X509::CRLError) { OpenSSL::X509::CRL.new('') }
1921
end
2022

2123
REVOKED_TEXT = <<EOF

0 commit comments

Comments
 (0)