fix segv in Timestamp::{Request,Response,TokenInfo}.new

no6v · rhenium · commit b29e215786dd · 2021-09-27T12:02:30.000+09:00
prevent `ossl_ts_*_free()` from calling when `d2i_TS_*_bio()` failed.
diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c
@@ -205,8 +205,10 @@ ossl_ts_req_initialize(int argc, VALUE *argv, VALUE self)
     in = ossl_obj2bio(&arg);
     ts_req = d2i_TS_REQ_bio(in, &ts_req);
     BIO_free(in);
-    if (!ts_req)
+    if (!ts_req) {
+        DATA_PTR(self) = NULL;
         ossl_raise(eTimestampError, "Error when decoding the timestamp request");
+    }
     DATA_PTR(self) = ts_req;
 
     return self;
@@ -529,8 +531,10 @@ ossl_ts_resp_initialize(VALUE self, VALUE der)
     in  = ossl_obj2bio(&der);
     ts_resp = d2i_TS_RESP_bio(in, &ts_resp);
     BIO_free(in);
-    if (!ts_resp)
+    if (!ts_resp) {
+        DATA_PTR(self) = NULL;
         ossl_raise(eTimestampError, "Error when decoding the timestamp response");
+    }
     DATA_PTR(self) = ts_resp;
 
     return self;
@@ -871,8 +875,10 @@ ossl_ts_token_info_initialize(VALUE self, VALUE der)
     in  = ossl_obj2bio(&der);
     info = d2i_TS_TST_INFO_bio(in, &info);
     BIO_free(in);
-    if (!info)
+    if (!info) {
+        DATA_PTR(self) = NULL;
         ossl_raise(eTimestampError, "Error when decoding the timestamp token info");
+    }
     DATA_PTR(self) = info;
 
     return self;
diff --git a/test/openssl/test_ts.rb b/test/openssl/test_ts.rb
@@ -181,6 +181,12 @@ def test_request_encode_decode
     assert_equal(42, qer2.nonce)
   end
 
+  def test_request_invalid_asn1
+    assert_raise(OpenSSL::Timestamp::TimestampError) do
+      OpenSSL::Timestamp::Request.new("*" * 44)
+    end
+  end
+
   def test_response_constants
     assert_equal(0, OpenSSL::Timestamp::Response::GRANTED)
     assert_equal(1, OpenSSL::Timestamp::Response::GRANTED_WITH_MODS)
@@ -333,6 +339,12 @@ def test_response_bad_purpose
     end
   end
 
+  def test_response_invalid_asn1
+    assert_raise(OpenSSL::Timestamp::TimestampError) do
+      OpenSSL::Timestamp::Response.new("*" * 44)
+    end
+  end
+
   def test_no_cert_requested
     req = OpenSSL::Timestamp::Request.new
     req.algorithm = "SHA1"
@@ -585,6 +597,12 @@ def test_token_info_creation
     assert_equal(123, info.nonce)
   end
 
+  def test_token_info_invalid_asn1
+    assert_raise(OpenSSL::Timestamp::TimestampError) do
+      OpenSSL::Timestamp::TokenInfo.new("*" * 44)
+    end
+  end
+
   private
 
   def assert_cert expected, actual
