Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FFI: fix missing CAMLparamX and CAMLreturn in the C FFI #90

Merged
merged 3 commits into from Aug 12, 2022
Merged

FFI: fix missing CAMLparamX and CAMLreturn in the C FFI #90

merged 3 commits into from Aug 12, 2022

Conversation

anmonteiro
Copy link
Collaborator

cc @gasche @gadmm

I audited the C FFI in the repo and added a few missing CAMLparam and CAMLreturn calls.

Not meant to put work on your plate! Don't feel obliged to review.

gasche
gasche reviewed Aug 12, 2022
View reviewed changes
Copy link

@gasche gasche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In some of those places, the function were actually safe if you reason at the tricky level of value invalidation by allocations. But I would agree that following the "simple" protocol all the time is more reasonable -- especially when contributors get in charge of debugging a FFI failure as @anmonteiro was. I don't expect any performance issue with this approach either.

I wrote an inline comment about a missing CAMLreturn in one function.

src/ssl_stubs.c
@@ -831,7 +837,7 @@ CAMLprim value caml_alpn_select_cb(SSL *ssl,
*out = String_val(selected_protocol);
*outlen = len;

return SSL_TLSEXT_ERR_OK;
CAMLreturn(SSL_TLSEXT_ERR_OK);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this one is necessary for safety after the CAMLlocal above. You should also fix the return on line 826->832 I believe?

@anmonteiro anmonteiro merged commit e9bcc8b into master Aug 12, 2022
@anmonteiro anmonteiro deleted the anmonteiro/ffi-cleanup branch August 12, 2022 17:16
@anmonteiro
Copy link
Collaborator Author

@gasche thanks for the review!

anmonteiro added a commit to anmonteiro/opam-repository that referenced this pull request Aug 12, 2022
@anmonteiro
[new release] ssl (0.5.12)
29ec9be 
CHANGES:

- Add a few verification functions (savonet/ocaml-ssl#71):
  - `add_extra_chain_cert` to send additional chain certificates to the peer.
  - `add_cert_to_store`: to allow verification of the peer certificate CA.
  - `set_ip`: sets the expected IP address to be verified on a SSL socket.
- Improve `use_certificate_from_string` (savonet/ocaml-ssl#71) to read any type of key (rather
  than just RSA).
- Fix a segmentation fault in the ALPN selection callback under OCaml 5 (savonet/ocaml-ssl#89).
- Audit the C FFI and add `CAMLparamX` and `CAMLreturn` calls (savonet/ocaml-ssl#90).
@anmonteiro anmonteiro mentioned this pull request Aug 12, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gasche gasche gasche left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@anmonteiro @gasche