Merge pull request #184 from rhenium/ky/cipher-pkcs5-keyivgen-validate-iter

rhenium · web-flow · commit 8f755f22521e · 2018-02-19T14:38:51.000+09:00
cipher: validate iterations argument for Cipher#pkcs5_keyivgen
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
@@ -321,6 +321,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
 	salt = (unsigned char *)RSTRING_PTR(vsalt);
     }
     iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
+    if (iter <= 0)
+	rb_raise(rb_eArgError, "iterations must be a positive integer");
     digest = NIL_P(vdigest) ? EVP_md5() : GetDigestPtr(vdigest);
     GetCipher(self, ctx);
     EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,
diff --git a/test/test_cipher.rb b/test/test_cipher.rb
@@ -44,6 +44,9 @@ def test_pkcs5_keyivgen
     s2 = cipher.update(pt) << cipher.final
 
     assert_equal s1, s2
+
+    cipher2 = OpenSSL::Cipher.new("DES-EDE3-CBC").encrypt
+    assert_raise(ArgumentError) { cipher2.pkcs5_keyivgen(pass, salt, -1, "MD5") }
   end
 
   def test_info

Original file line number	Diff line number	Diff line change
`@@ -321,6 +321,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)`
`321`	`321`	`salt = (unsigned char *)RSTRING_PTR(vsalt);`
`322`	`322`	`}`
`323`	`323`	`iter = NIL_P(viter) ? 2048 : NUM2INT(viter);`
	`324`	`+ if (iter <= 0)`
	`325`	`+ rb_raise(rb_eArgError, "iterations must be a positive integer");`
`324`	`326`	`digest = NIL_P(vdigest) ? EVP_md5() : GetDigestPtr(vdigest);`
`325`	`327`	`GetCipher(self, ctx);`
`326`	`328`	`EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,`