Skip to content

Commit fcf170a

Browse files
HoneyryderChuckHoneyryderChuck
committed
store and storecontext: check whether object is frozen before executing state change functions
this makes them mostly useless, considering how they're used standalone
1 parent ebadd0f commit fcf170a

File tree

2 files changed

+22
-0
lines changed

2 files changed

+22
-0
lines changed

ext/openssl/ossl_x509store.c

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -246,6 +246,7 @@ static VALUE
246246
ossl_x509store_set_flags(VALUE self, VALUE flags)
247247
{
248248
X509_STORE *store;
249+
rb_check_frozen(self);
249250
long f = NUM2LONG(flags);
250251

251252
GetX509Store(self, store);
@@ -281,6 +282,7 @@ static VALUE
281282
ossl_x509store_set_purpose(VALUE self, VALUE purpose)
282283
{
283284
X509_STORE *store;
285+
rb_check_frozen(self);
284286
int p = NUM2INT(purpose);
285287

286288
GetX509Store(self, store);
@@ -305,6 +307,7 @@ static VALUE
305307
ossl_x509store_set_trust(VALUE self, VALUE trust)
306308
{
307309
X509_STORE *store;
310+
rb_check_frozen(self);
308311
int t = NUM2INT(trust);
309312

310313
GetX509Store(self, store);
@@ -331,6 +334,7 @@ ossl_x509store_set_time(VALUE self, VALUE time)
331334
X509_STORE *store;
332335
X509_VERIFY_PARAM *param;
333336

337+
rb_check_frozen(self);
334338
GetX509Store(self, store);
335339
#ifdef HAVE_X509_STORE_GET0_PARAM
336340
param = X509_STORE_get0_param(store);
@@ -358,6 +362,7 @@ ossl_x509store_add_file(VALUE self, VALUE file)
358362
X509_LOOKUP *lookup;
359363
const char *path;
360364

365+
rb_check_frozen(self);
361366
GetX509Store(self, store);
362367
path = StringValueCStr(file);
363368
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
@@ -393,6 +398,7 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
393398
X509_LOOKUP *lookup;
394399
const char *path;
395400

401+
rb_check_frozen(self);
396402
GetX509Store(self, store);
397403
path = StringValueCStr(dir);
398404
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
@@ -422,6 +428,7 @@ ossl_x509store_set_default_paths(VALUE self)
422428
{
423429
X509_STORE *store;
424430

431+
rb_check_frozen(self);
425432
GetX509Store(self, store);
426433
if (X509_STORE_set_default_paths(store) != 1)
427434
ossl_raise(eX509StoreError, "X509_STORE_set_default_paths");
@@ -443,6 +450,7 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
443450
X509_STORE *store;
444451
X509 *cert;
445452

453+
rb_check_frozen(self);
446454
cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
447455
GetX509Store(self, store);
448456
if (X509_STORE_add_cert(store, cert) != 1)
@@ -465,6 +473,7 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
465473
X509_STORE *store;
466474
X509_CRL *crl;
467475

476+
rb_check_frozen(self);
468477
crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
469478
GetX509Store(self, store);
470479
if (X509_STORE_add_crl(store, crl) != 1)
@@ -498,6 +507,7 @@ ossl_x509store_verify(int argc, VALUE *argv, VALUE self)
498507
VALUE cert, chain;
499508
VALUE ctx, proc, result;
500509

510+
rb_check_frozen(self);
501511
rb_scan_args(argc, argv, "11", &cert, &chain);
502512
ctx = rb_funcall(cX509StoreContext, rb_intern("new"), 3, self, cert, chain);
503513
proc = rb_block_given_p() ? rb_block_proc() :
@@ -695,6 +705,7 @@ ossl_x509stctx_set_error(VALUE self, VALUE err)
695705
{
696706
X509_STORE_CTX *ctx;
697707

708+
rb_check_frozen(self);
698709
GetX509StCtx(self, ctx);
699710
X509_STORE_CTX_set_error(ctx, NUM2INT(err));
700711

@@ -793,6 +804,7 @@ static VALUE
793804
ossl_x509stctx_set_flags(VALUE self, VALUE flags)
794805
{
795806
X509_STORE_CTX *store;
807+
rb_check_frozen(self);
796808
long f = NUM2LONG(flags);
797809

798810
GetX509StCtx(self, store);
@@ -814,6 +826,7 @@ static VALUE
814826
ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
815827
{
816828
X509_STORE_CTX *store;
829+
rb_check_frozen(self);
817830
int p = NUM2INT(purpose);
818831

819832
GetX509StCtx(self, store);
@@ -835,6 +848,7 @@ static VALUE
835848
ossl_x509stctx_set_trust(VALUE self, VALUE trust)
836849
{
837850
X509_STORE_CTX *store;
851+
rb_check_frozen(self);
838852
int t = NUM2INT(trust);
839853

840854
GetX509StCtx(self, store);
@@ -857,6 +871,7 @@ ossl_x509stctx_set_time(VALUE self, VALUE time)
857871
X509_STORE_CTX *store;
858872
long t;
859873

874+
rb_check_frozen(self);
860875
t = NUM2LONG(rb_Integer(time));
861876
GetX509StCtx(self, store);
862877
X509_STORE_CTX_set_time(store, 0, t);

test/openssl/test_x509store.rb

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,13 @@ def test_verify_simple
9191
assert_match(/ok/i, store.error_string)
9292
assert_equal(OpenSSL::X509::V_OK, store.error)
9393
assert_equal([ee1_cert, ca2_cert, ca1_cert], store.chain)
94+
95+
# frozen, operation invalid
96+
store = OpenSSL::X509::Store.new
97+
store.freeze
98+
assert_raise(FrozenError) do
99+
store.verify(ee1_cert, [ca2_cert, ca1_cert])
100+
end
94101
end
95102

96103
def test_verify_callback

0 commit comments

Comments
 (0)