mirror/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2026-01-26 20:19:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ruby/openssl] Add missing write barriers in X509

Browse Source 
Both the X509 store and X509 store context were missing write barriers.
To the callback object being stored in the ex data.

These values were also being stored as an IV, however in Ruby HEAD we're
now storing the IVs for T_DATA (generic IVs) on a separate object. So we
need an additional write barrier.

I believe this was always necessary, because we could have done
incremental marking ahead of compaction, and without the write barrier
the mark function could have been run before @verify_callback was
assigned.

This was detected by wbcheck

https://github.com/ruby/openssl/commit/1fda3a99ef
This commit is contained in:
John Hawthorn 2025-08-12 15:22:23 -07:00 committed by git
parent 6fe4ed507f
commit 3ff1ca07ba
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ext/openssl/ossl_x509store.c
View File

@ -191,8 +191,8 @@ ossl_x509store_set_vfy_cb(VALUE self, VALUE cb)
GetX509Store(self, store);
rb_iv_set(self, "@verify_callback", cb);
// We don't need to trigger a write barrier because `rb_iv_set` did it.
X509_STORE_set_ex_data(store, store_ex_verify_cb_idx, (void *)cb);
RB_OBJ_WRITTEN(self, Qundef, cb);
return cb;
}
@ -611,6 +611,7 @@ ossl_x509stctx_verify(VALUE self)
GetX509StCtx(self, ctx);
VALUE cb = rb_iv_get(self, "@verify_callback");
X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx, (void *)cb);
RB_OBJ_WRITTEN(self, Qundef, cb);
switch (X509_verify_cert(ctx)) {
case 1: