From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: poffice@blade.nagaokaut.ac.jp Delivered-To: poffice@blade.nagaokaut.ac.jp Received: from kankan.nagaokaut.ac.jp (kankan.nagaokaut.ac.jp [133.44.2.24]) by blade.nagaokaut.ac.jp (Postfix) with ESMTP id 9626919E005C for ; Fri, 18 Dec 2015 12:43:05 +0900 (JST) Received: from voscc.nagaokaut.ac.jp (voscc.nagaokaut.ac.jp [133.44.1.100]) by kankan.nagaokaut.ac.jp (Postfix) with ESMTP id A3D64B5D901 for ; Fri, 18 Dec 2015 13:15:12 +0900 (JST) Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by voscc.nagaokaut.ac.jp (Postfix) with ESMTP id 0C07118CC7E8 for ; Fri, 18 Dec 2015 13:15:13 +0900 (JST) Received: from [221.186.184.76] (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id 21C691207A1; Fri, 18 Dec 2015 13:14:03 +0900 (JST) X-Original-To: ruby-core@ruby-lang.org Delivered-To: ruby-core@ruby-lang.org Received: from mail-ig0-f172.google.com (mail-ig0-f172.google.com [209.85.213.172]) by neon.ruby-lang.org (Postfix) with ESMTPS id CCC0F12074A for ; Fri, 18 Dec 2015 13:13:28 +0900 (JST) Received: by mail-ig0-f172.google.com with SMTP id to18so26678723igc.0 for ; Thu, 17 Dec 2015 20:13:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:message-id:subject:mime-version:content-type; bh=jPo1QH60dzFtMPq/pfV5GZ8c/a/D8cG0c6B3F2GKSDw=; b=PitFiUmVKmPptsHxYFbnxE0EGj+hDVnieVx07LbNHXsMX+L4Prbcs94uvv+hBonaWY I5x9HzwAxR4Stvah3IQrbiTCXxJ0wrDzM3SWoYMi7PGt5qEcpnYHAJYl0Gr+Hxi51lkm zMeUnKBupgCldzYIB714xdXRj7f9WS86OmhEvwg0fpHLmH04tDR/XmZE1MEkBBb6psIJ hu9qbsXsV6KdI0iFG2yFK1vvuWF+M2e8s3b2fiBMUhXs/huvBW5nk8nVxYg3zvO4LM+O zo++REThXF/y2rl+yaxr92+lko602tCwktzMBve+TYqaCs6VP3ajs2sF1ZjRQt6yPL13 xCVQ== X-Received: by 10.50.50.201 with SMTP id e9mr520974igo.10.1450412007644; Thu, 17 Dec 2015 20:13:27 -0800 (PST) Received: from Josephe-Jones (75-166-130-47.hlrn.qwest.net. [75.166.130.47]) by smtp.gmail.com with ESMTPSA id o9sm1362900igy.19.2015.12.17.20.13.26 for (version=TLSv1/SSLv3 cipher=OTHER); Thu, 17 Dec 2015 20:13:27 -0800 (PST) Date: Thu, 17 Dec 2015 21:13:26 -0700 From: Joseph Jones To: Ruby developers Cc: Message-ID: <4F776AAC-720F-401F-B9B8-2E5E2EDC5834@gmail.com> X-Mailer: BoxerFree 6.0.4 (321) X-Boxer-Generated: true X-Boxer-IsLike: true MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="567387e6_45e6d486_16c" X-ML-Name: ruby-core X-Mail-Count: 72345 Subject: [ruby-core:72345] [Ruby trunk - Bug #11810] [Open] [PATCH] OpenSSL::SSL::SSLcontext#{alpn, npn}_select_cb= does not work properly X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: Ruby developers List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" --567387e6_45e6d486_16c Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Joseph Jones liked your message with Boxer. On December 12, 2015 at 10:34= :39 MST, k=40rhe.jp wrote:Issue =2311810 has been reported by Kazuki Yama= guchi.----------------------------------------Bug =2311810: =5BPATCH=5D O= penSSL::SSL::SSLcontext=23=7Balpn,npn=7D=5Fselect=5Fcb=3D does not work p= roperlyhttps://bugs.ruby-lang.org/issues/11810* Author: Kazuki Yamaguchi*= Status: Open* Priority: Normal* Assignee: * ruby -v: ruby 2.3.0dev (2015= -12-13 trunk 53061) =5Bx86=5F64-linux=5D* Backport: 2.0.0: UNKNOWN, 2.1: = UNKNOWN, 2.2: UNKNOWN----------------------------------------The protocol= list passed to the callback function (set by =60SSL=5FCTX=5Fset=5Falpn=5F= select=5Fcb=60, =60SSL=5FCTX=5Fset=5Fnext=5Fproto=5Fselect=5Fcb=60) is no= t null-terminated string.This issue seems to have been existing since fir= st NPN was supported (r36871).This patch also removes the code checking t= he length of protocol name, because it is already validated by OpenSSL.--= -=46iles--------------------------------0001-ext-openssl-ossl=5Fssl.c-ssl= =5Fnpn=5Fselect=5Fcb=5Fcommon-fix-.patch (1.27 KB)-- https://bugs.ruby-la= ng.org/ --567387e6_45e6d486_16c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Joseph Jones liked your message with Boxer.


= On December 12, 2015 at 10:34:39 MST, k=40rhe.jp wrote:
Issue =2311810 has been reported by Kaz= uki Yamaguchi.

----------------------------------------
B= ug =2311810: =5BPATCH=5D OpenSSL::SSL::SSLcontext=23=7Balpn,npn=7D=5Fsele= ct=5Fcb=3D does not work properly
https://bugs.ruby-lang.org/issues/= 11810

* Author: Kazuki Yamaguchi
* Status: Open
* Pr= iority: Normal
* Assignee:
* ruby -v: ruby 2.3.0dev (2015-12-1= 3 trunk 53061) =5Bx86=5F64-linux=5D
* Backport: 2.0.0: UNKNOWN, 2.1:= UNKNOWN, 2.2: UNKNOWN
----------------------------------------
The protocol list passed to the callback function (set by =60SSL=5FCTX=5F= set=5Falpn=5Fselect=5Fcb=60, =60SSL=5FCTX=5Fset=5Fnext=5Fproto=5Fselect=5F= cb=60) is not null-terminated string.
This issue seems to have been = existing since first NPN was supported (r36871).

This patch al= so removes the code checking the length of protocol name, because it is a= lready validated by OpenSSL.

---=46iles-----------------------= ---------
0001-ext-openssl-ossl=5Fssl.c-ssl=5Fnpn=5Fselect=5Fcb=5Fco= mmon-fix-.patch (1.27 KB)


--
https://bugs.ruby-lan= g.org/
--567387e6_45e6d486_16c--