ruby/ruby-CVE-2018-16395.patch
openeuler-basic ff1b02966b init
2019-12-30 14:47:52 +08:00


From cbe558bbcc1f20573fd2667f210a44eb83dec241 Mon Sep 17 00:00:00 2001
From: shenyining <shenyining@huawei.com>
Date: Thu, 21 Mar 2019 19:42:01 +0800
Subject: [PATCH] fix CVE-2018-16395
patch url:
https://github.com/ruby/ruby/commit/93bc10272734cbbb9197470ca629cc4ea019f6f0
https://hackerone.com/reports/387250
CVE:
https://nvd.nist.gov/vuln/detail/CVE-2018-16395
https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
Signed-off-by: shenyining <shenyining@huawei.com>
---
ext/openssl/ossl_x509name.c | 2 +-
test/openssl/test_x509name.rb | 14 ++++++++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index c900bcb..15e4bb0 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
result = ossl_x509name_cmp0(self, other);
if (result < 0) return INT2FIX(-1);
- if (result > 1) return INT2FIX(1);
+ if (result > 0) return INT2FIX(1);
return INT2FIX(0);
}
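Review bot: The clamp in `ossl_x509name_cmp` has no comment saying why the result is normalized, and the off-by-one fixed here grew out of that unstated assumption: with `result > 1`, a return of exactly 1 from `ossl_x509name_cmp0` fell through to `INT2FIX(0)`, so two different names were reported as equal. I would add above the two checks `/* cmp0 can return any non-zero value for unequal names; return 0 only for an exact match */`. Making the zero case explicit would also keep a future edit from reintroducing the gap: `if (result == 0) return INT2FIX(0);` followed by `return INT2FIX(result < 0 ? -1 : 1);`. The function's opening lines are outside the hunk, so the declaration of `result` and any error handling before this point are not visible here.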
diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb
index 2d92e64..ae8a8fb 100644
--- a/test/openssl/test_x509name.rb
+++ b/test/openssl/test_x509name.rb
@@ -426,10 +426,24 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
name0 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bar.ruby-lang.org"]])
name1 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bar.ruby-lang.org"]])
name2 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "baz.ruby-lang.org"]])
+ name3 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bar.ruby-langg.org"]])
+ name4 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bbz.ruby-lang.org"]])
assert_equal true, name0 == name1
assert_equal true, name0.eql?(name1)
+ assert_equal true, name1 == name0
+ assert_equal true, name1.eql?(name0)
assert_equal false, name0 == name2
assert_equal false, name0.eql?(name2)
+ assert_equal false, name2 == name0
+ assert_equal false, name2.eql?(name0)
+ assert_equal false, name0 == name3
+ assert_equal false, name0.eql?(name3)
+ assert_equal false, name3 == name0
+ assert_equal false, name3.eql?(name0)
+ assert_equal false, name0 == name4
+ assert_equal false, name0.eql?(name4)
+ assert_equal false, name4 == name0
+ assert_equal false, name4.eql?(name0)
end
def test_dup
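Review bot: The added assertions exercise only `==` and `eql?`, while the C change is in the three-way comparison `ossl_x509name_cmp`. How those methods reach that function is not visible in this patch, so the test documents the symptom rather than pinning the fixed branch. Since a wrong equality result on certificate names can mislead any caller that matches subjects or issuers, I would also assert the comparison directly, for example `assert_equal 0, name0 <=> name1`, `assert_not_equal 0, name0 <=> name3` and `assert_not_equal 0, name3 <=> name0`. The enclosing test method starts outside the hunk, so its name and any earlier setup are not shown.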
--
1.8.3.1