toddr / Crypt-OpenSSL-RSA

Release history of Crypt-OpenSSL-RSA
https://metacpan.org/pod/Crypt::OpenSSL::RSA

Out of memory on openssl 1.1.1w hpux #52

Open timlegge opened 3 weeks ago

timlegge commented 3 weeks ago

Just testing the current code on hpux before testing the opensslv3 updates and noticed that after #51 is fixed we have an out of memory issue.

It appears the call to BIO_get_mem_ptr results in an invalid length in bptr->length, or maybe the data there is just incorrect.

The following fixes the issue but I am awaiting some feedback from the openssl people to see if there is any reason not to make this the default...

diff --git a/RSA.xs b/RSA.xs index 5f5cfae..b6c0509 100644 --- a/RSA.xs +++ b/RSA.xs @@ -165,11 +165,13 @@ SV cor_bn2sv(const BIGNUM p_bn)

 SV* extractBioString(BIO* p_stringBio)
 {
     SV* sv;
-    BUF_MEM* bptr;
+    char *datap;
+    long datasize = 0;

     CHECK_OPEN_SSL(BIO_flush(p_stringBio) == 1);
-    BIO_get_mem_ptr(p_stringBio, &bptr);
-    sv = newSVpv(bptr->data, bptr->length);
+
+    datasize = BIO_get_mem_data(p_stringBio, &datap);
+    sv = newSVpv(datap, datasize);

     CHECK_OPEN_SSL(BIO_set_close(p_stringBio, BIO_CLOSE) == 1);
     BIO_free(p_stringBio);
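
Review bot: datasize goes straight from BIO_get_mem_data into newSVpv with no check on the return value, and datap is declared without an initializer. newSVpv takes an unsigned STRLEN, so a negative return would turn into a very large length (the same out-of-memory symptom), and a length of 0 makes newSVpv fall back to strlen() on datap, which for a memory BIO is not guaranteed to be NUL-terminated. Suggest declaring `char *datap = NULL;`, checking the result before use (for example `CHECK_OPEN_SSL(datasize > 0);`, or handling the empty case explicitly), and calling newSVpvn so that a zero length is taken literally.
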
timlegge commented 3 weeks ago

As per https://github.com/openssl/openssl/discussions/24791 the recommended approach is to move to BIO_get_mem_data instead of accessing the structures directly. I will submit a patch.