Merge pull request #531 from no6v/pkey-sign-option-type-check

rhenium · web-flow · commit d52549a186b3 · 2022-08-11T17:52:31.000+09:00
OpenSSL::PKey::PKey#sign etc. with wrong type option causes SEGV
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
@@ -200,6 +200,7 @@ static VALUE
 pkey_ctx_apply_options0(VALUE args_v)
 {
     VALUE *args = (VALUE *)args_v;
+    Check_Type(args[1], T_HASH);
 
     rb_block_call(args[1], rb_intern("each"), 0, NULL,
                   pkey_ctx_apply_options_i, args[0]);
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
@@ -108,6 +108,11 @@ def test_sign_verify_options
                                       salt_length: 20, mgf1_hash: "SHA1")
     # Defaults to PKCS #1 v1.5 padding => verification failure
     assert_equal false, key.verify("SHA256", sig_pss, data)
+
+    # option type check
+    assert_raise_with_message(TypeError, /expected Hash/) {
+      key.sign("SHA256", data, ["x"])
+    }
   end
 
   def test_sign_verify_raw

Original file line number	Diff line number	Diff line change
`@@ -200,6 +200,7 @@ static VALUE`
`200`	`200`	`pkey_ctx_apply_options0(VALUE args_v)`
`201`	`201`	`{`
`202`	`202`	`VALUE args = (VALUE )args_v;`
	`203`	`+ Check_Type(args[1], T_HASH);`
`203`	`204`
`204`	`205`	`rb_block_call(args[1], rb_intern("each"), 0, NULL,`
`205`	`206`	`pkey_ctx_apply_options_i, args[0]);`