Check if the option is an Hash in pkey_ctx_apply_options

causes SEGV if it is an Array or something like that.
ruby · Aug 5, 2022 · 5584cd3 · 5584cd3
1 parent d36e6e5
commit 5584cd3
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
@@ -209,6 +209,7 @@ pkey_ctx_apply_options0(VALUE args_v)
 static void
 pkey_ctx_apply_options(EVP_PKEY_CTX *ctx, VALUE options, int *state)
 {
+    Check_Type(options, T_HASH);
     VALUE args[2];
     args[0] = (VALUE)ctx;
     args[1] = options;

diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
@@ -108,6 +108,11 @@ def test_sign_verify_options
                                       salt_length: 20, mgf1_hash: "SHA1")
     # Defaults to PKCS #1 v1.5 padding => verification failure
     assert_equal false, key.verify("SHA256", sig_pss, data)
+
+    # option type check
+    assert_raise_with_message(TypeError, /expected Hash/) {
+      key.sign("SHA256", data, ["x"])
+    }
   end
 
   def test_sign_verify_raw