1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[ruby/openssl] ssl: avoid directly storing String object in NPN callback

Browse Source 
On the server side, the serialized list of protocols is stored in
SSL_CTX as a String object reference. We utilize a hidden instance
variable to prevent it from being GC'ed, but this is not enough because
it can also be relocated by GC.compact.

https://github.com/ruby/openssl/commit/5eb68ba778
This commit is contained in:
Kazuki Yamaguchi 2021-10-14 15:53:00 +09:00
parent f6612203fa
commit c1147f7f71
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ext/openssl/ossl_ssl.c
View File

@ -660,7 +660,7 @@ static int
ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen, ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen,
void *arg) void *arg)
{ {
VALUE protocols = (VALUE)arg; VALUE protocols = rb_attr_get((VALUE)arg, id_npn_protocols_encoded);
*out = (const unsigned char *) RSTRING_PTR(protocols); *out = (const unsigned char *) RSTRING_PTR(protocols);
*outlen = RSTRING_LENINT(protocols); *outlen = RSTRING_LENINT(protocols);
@ -850,7 +850,7 @@ ossl_sslctx_setup(VALUE self)
if (!NIL_P(val)) { if (!NIL_P(val)) {
VALUE encoded = ssl_encode_npn_protocols(val); VALUE encoded = ssl_encode_npn_protocols(val);
rb_ivar_set(self, id_npn_protocols_encoded, encoded); rb_ivar_set(self, id_npn_protocols_encoded, encoded);
SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *)encoded); SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *)self);
OSSL_Debug("SSL NPN advertise callback added"); OSSL_Debug("SSL NPN advertise callback added");
} }
if (RTEST(rb_attr_get(self, id_i_npn_select_cb))) { if (RTEST(rb_attr_get(self, id_i_npn_select_cb))) {