-rw-r--r-- | Changes | 5 | ||||
-rw-r--r-- | META.json | 8 | ||||
-rw-r--r-- | META.yml | 6 | ||||
-rw-r--r-- | Makefile.PL | 5 | ||||
-rw-r--r-- | SMIME.pl | 2 | ||||
-rw-r--r-- | SMIME.xs | 20 | ||||
-rw-r--r-- | lib/SMIME.pm | 27 |
7 files changed, 25 insertions, 48 deletions
@@ -1,5 +1,10 @@ Revision history for Crypt::SMIME +0.29 Mon Mar 4 18:10:38 JST 2024 + - Fixed a bug which could cause a double-free on X.509 + structures in a certain scenario: + https://rt.cpan.org/Public/Bug/Display.html?id=152115 + 0.28 Mon Oct 25 11:38:55 JST 2021 - Support OpenSSL 3.0. @@ -4,13 +4,13 @@ "Ymirlink <tl@tripletail.jp>" ], "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 6.86, CPAN::Meta::Converter version 2.150005", + "generated_by" : "ExtUtils::MakeMaker version 7.64, CPAN::Meta::Converter version 2.150010", "license" : [ "unknown" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", - "version" : "2" + "version" : 2 }, "name" : "Crypt-SMIME", "no_index" : { @@ -42,6 +42,6 @@ } }, "release_status" : "stable", - "version" : "0.28", - "x_serialization_backend" : "JSON::PP version 2.27203" + "version" : "0.29", + "x_serialization_backend" : "JSON::PP version 4.07" } @@ -12,7 +12,7 @@ configure_requires: ExtUtils::MakeMaker: '0' ExtUtils::PkgConfig: '0' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 6.86, CPAN::Meta::Converter version 2.150005' +generated_by: 'ExtUtils::MakeMaker version 7.64, CPAN::Meta::Converter version 2.150010' license: unknown meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -24,5 +24,5 @@ no_index: - inc requires: XSLoader: '0' -version: '0.28' -x_serialization_backend: 'CPAN::Meta::YAML version 0.016' +version: '0.29' +x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff --git a/Makefile.PL b/Makefile.PL index cf396ea..487db15 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -109,7 +109,7 @@ EOF depend => { 'lib/SMIME.pm' => "SMIME.pl SMIME.pod const-autoload.inc\n" . - ( -d 'lib' ? '' : "\tmkdir lib\n") . + ("\tmkdir -p lib\n") . "\techo $SEP# This file is automatically generated from SMIME.pl$SEP > \$\@\n" . "\techo $SEP# All of your changes will be lost if you edit this directly.$SEP >> \$\@\n" . "\t$CAT SMIME.pl >> \$\@\n" . 
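Review bot: `mkdir -p` in the `lib/SMIME.pm` recipe is a POSIX-shell idiom, while the neighbouring recipe lines go through `$SEP` and `$CAT`, which suggests the rule is meant to adapt to the build platform. On a Windows `cmd` shell `-p` is not an option to `mkdir`. MakeMaker-generated Makefiles define a portable `$(MKPATH)` macro, so the line could read `"\t\$(MKPATH) lib\n" .`. The same applies to `mkdir -p lib/SMIME` in the second Makefile.PL hunk.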
@@ -125,8 +125,7 @@ EOF 'lib/SMIME/JA.pod' => "SMIME.mlpod\n" . - ( -d 'lib' ? '' : "\tmkdir lib\n") . - ( -d 'lib/SMIME' ? '' : "\tmkdir lib/SMIME\n") . + ("\tmkdir -p lib/SMIME\n") . "\tmlpod2pod --langs=ja \$< | perl -pe 's/(\\xe5\\x90\\x8d\\xe5\\x89\\x8d)/NAME/' > \$\@", }, ); @@ -15,7 +15,7 @@ our %EXPORT_TAGS = ( ); Exporter::export_ok_tags('constants'); -our $VERSION = '0.28'; +our $VERSION = '0.29'; XSLoader::load(__PACKAGE__, $VERSION); @@ -170,7 +170,9 @@ static SV* sign(Crypt_SMIME this, char* plaintext, unsigned int len) { for (i = 0; i < sk_X509_num(this->pubkeys_stack); i++) { X509* x509 = sk_X509_value(this->pubkeys_stack, i); assert(x509 != NULL); - if (CMS_add0_cert(cms, x509) != 1) { + /* CMS_add1_cert() increments the refcount in X509 and + * CMS_ContentInfo_free() decrements it. */ + if (CMS_add1_cert(cms, x509) != 1) { if (ERR_GET_REASON(ERR_peek_last_error()) != CMS_R_CERTIFICATE_ALREADY_PRESENT) { CMS_ContentInfo_free(cms); BIO_free(inbuf); @@ -228,7 +230,7 @@ static SV* signonly(Crypt_SMIME this, char* plaintext, unsigned int len) { for (i = 0; i < sk_X509_num(this->pubkeys_stack); i++) { X509* x509 = sk_X509_value(this->pubkeys_stack, i); assert(x509 != NULL); - if (CMS_add0_cert(cms, x509) != 1) { + if (CMS_add1_cert(cms, x509) != 1) { if (ERR_GET_REASON(ERR_peek_last_error()) != CMS_R_CERTIFICATE_ALREADY_PRESENT) { CMS_ContentInfo_free(cms); BIO_free(inbuf); @@ -460,10 +462,7 @@ DESTROY(Crypt_SMIME this) EVP_PKEY_free(this->priv_key); } if (this->pubkeys_stack) { - /* X.509 certificates are shared between this and - * pubkeys_store. We only deallocate the stack here. - */ - sk_X509_free(this->pubkeys_stack); + sk_X509_pop_free(this->pubkeys_stack, X509_free); } if (this->pubkeys_store) { X509_STORE_free(this->pubkeys_store); 
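Review bot: The ownership comment added above `CMS_add1_cert()` in sign() is missing from the identical call in signonly(), and the two certificate loops are duplicates of each other in the visible context. The double-free fix depends on exactly this add0/add1 distinction, so keeping the loop and its comment in one place would make a later regression less likely. One option is a small static helper such as `static int add_pubkeys_to_cms(Crypt_SMIME this, CMS_ContentInfo* cms)` called from both functions. Both function bodies continue outside their hunks, so the `CMS_ContentInfo_free`/`BIO_free` cleanup on failure would stay with the callers.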
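Review bot: The comment removed from DESTROY was the only statement of who owns the certificates, and the replacement `sk_X509_pop_free(this->pubkeys_stack, X509_free)` relies on a new invariant that is not written down anywhere. A comment such as `/* pubkeys_stack owns one reference per X509; pubkeys_store holds its own, taken by X509_STORE_add_cert(). */` would document it here and at the same call in setPublicKey(). Every code path that pushes onto or frees from the stack has to respect that invariant, otherwise the result is a leak or a second free at destruction.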
@@ -565,7 +564,7 @@ setPublicKey(Crypt_SMIME this, SV* crt) /* 古い鍵があったら消す */ if (this->pubkeys_stack) { - sk_X509_free(this->pubkeys_stack); + sk_X509_pop_free(this->pubkeys_stack, X509_free); this->pubkeys_stack = NULL; } if (this->pubkeys_store) { @@ -669,10 +668,9 @@ _addPublicKey(Crypt_SMIME this, char* crt) } } - /* X509_STORE_add_cert() has an undocumented behavior that - * increments a refcount in X509 unlike sk_X509_push(). So - * we must not call X509_dup() here. - */ + /* X509_STORE_add_cert() internally increments the refcount in + * X509 unlike sk_X509_push(). So we must not call + * X509_up_ref() here. */ if (X509_STORE_add_cert(this->pubkeys_store, pub_cert) == 0) { X509_free(pub_cert); BIO_free(buf); diff --git a/lib/SMIME.pm b/lib/SMIME.pm index 87d0552..ebfa629 100644 --- a/lib/SMIME.pm +++ b/lib/SMIME.pm @@ -17,7 +17,7 @@ our %EXPORT_TAGS = ( ); Exporter::export_ok_tags('constants'); -our $VERSION = '0.28'; +our $VERSION = '0.29'; XSLoader::load(__PACKAGE__, $VERSION); @@ -184,31 +184,6 @@ sub prepareSmimeMessage { } ($rest,$move); } -use Carp qw(croak); -sub AUTOLOAD { - # This AUTOLOAD is used to 'autoload' constants from the constant() - # XS function. - - my $constname; - our $AUTOLOAD; - ($constname = $AUTOLOAD) =~ s/.*:://; - croak "&Crypt::SMIME::constant not defined" if $constname eq 'constant'; - my ($error, $val) = constant($constname); - if ($error) { croak $error; } - { - no strict 'refs'; - # Fixed between 5.005_53 and 5.005_61 -#XXX if ($] >= 5.00561) { -#XXX *$AUTOLOAD = sub () { $val }; -#XXX } -#XXX else { - *$AUTOLOAD = sub { $val }; -#XXX } - } - goto &$AUTOLOAD; -} - - __END__ =encoding utf-8 |
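Review bot: The failure branch `X509_free(pub_cert)` after `X509_STORE_add_cert()` returns 0 in _addPublicKey() should be re-checked against the new ownership model. If `pub_cert` has already been pushed onto `this->pubkeys_stack` at that point (the push is outside this hunk, so this is inferred), the stack keeps a pointer to a freed certificate. The `sk_X509_pop_free(..., X509_free)` now used in setPublicKey() and DESTROY would then free it a second time. In that case the branch should release the stack's entry rather than the bare pointer, for example `X509_free(sk_X509_pop(this->pubkeys_stack));`, or the certificate should be added to the store before it is pushed.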