Issue #10268 has been updated by Danilo Martins.

File dif_GetBNPtr.patch added

This bug is due to passing null pointers to EC_POINTs_mul(). This function, in turn, does not handle null pointer arguments. Looking over the code, there are several points where the results of GetBNPtr() are used without checking for null values. The fix is a one-line change. This does not break any tests.

----------------------------------------
Bug #10268: OpenSSL::PKey::EC::Point#mul causes a segmentation fault
https://bugs.ruby-lang.org/issues/10268#change-52462

* Author: Kazuki Tsujimoto
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.2.0dev (2014-09-20 trunk 47651) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
The following code sometimes causes a SEGV on Ubuntu 14.04 x86_64.
The backtrace log is attached.

~~~ruby
require 'openssl'

GC.stress = true

ec = OpenSSL::PKey::EC.new <<_end_of_pem_
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIID49FDqcf1O1eO8saTgG70UbXQw9Fqwseliit2aWhH1oAoGCCqGSM49
AwEHoUQDQgAEFglk2c+oVUIKQ64eZG9bhLNPWB7lSZ/ArK41eGy5wAzU/0G51Xtt
CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
-----END EC PRIVATE KEY-----
_end_of_pem_

p1 = ec.public_key
p1.mul([nil], [p1])
~~~


---Files--------------------------------
backtrace.log (1.92 KB)
dif_GetBNPtr.patch (360 Bytes)


-- 
https://bugs.ruby-lang.org/
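
A caller-side guard for the crash discussed in this issue, as an added example that is not part of the original report or the attached patch: it rejects a `nil` (or any non-`OpenSSL::BN`) scalar in Ruby before the array form of `Point#mul` reaches native code. The module name `SafeECMul` and its methods are hypothetical, and accepting only `OpenSSL::BN` scalars is a choice made for this example.

```ruby
require 'openssl'

# Hypothetical helper (not part of the openssl extension): reject anything
# that is not an OpenSSL::BN / EC::Point before the native call sees it.
module SafeECMul
  module_function

  # Returns true when every scalar is an OpenSSL::BN and every point is an
  # OpenSSL::PKey::EC::Point; raises TypeError otherwise.
  def validate_mul_args!(bns, points)
    raise TypeError, 'bns must be an Array' unless bns.is_a?(Array)
    raise TypeError, 'points must be an Array' unless points.is_a?(Array)

    bns.each_with_index do |bn, i|
      next if bn.is_a?(OpenSSL::BN)
      raise TypeError, "bns[#{i}] is #{bn.class}, expected OpenSSL::BN"
    end
    points.each_with_index do |pt, i|
      next if pt.is_a?(OpenSSL::PKey::EC::Point)
      raise TypeError, "points[#{i}] is #{pt.class}, expected OpenSSL::PKey::EC::Point"
    end
    true
  end

  # Array form of Point#mul, reached only with validated arguments.
  def checked_mul(point, bns, points)
    validate_mul_args!(bns, points)
    point.mul(bns, points)
  end
end

# Constructed sample input: the prime256v1 generator stands in for a public key.
point = OpenSSL::PKey::EC::Group.new('prime256v1').generator
begin
  SafeECMul.checked_mul(point, [nil], [point]) # same argument shape as the report
rescue TypeError => e
  puts "rejected before the native call: #{e.message}"
end
```

The guard turns the crashing input into an ordinary `TypeError` that calling code can rescue; it does not replace fixing the null check in the extension itself.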