[ruby/openssl] Raise an exception if the IO object passed to SSLSocket isn't a file
SSLSocket#connect eventually calls GetOpenFile in order to get the underlying file descriptor for the IO object passed in on initialization. GetOpenFile assumes that the Ruby object passed in is a T_FILE object and just casts it to a T_FILE without any checks. If you pass an object that isn't a T_FILE to that function, the program will segv.
Since we assume the IO object is a file in the connect method, this commit adds a CheckType in the initialize method to ensure that the IO object is actually a T_FILE. If the object isn't a T_FILE, this class will segv on connect, so I think this is a backwards compatible change.
Added by tenderlovemaking (Aaron Patterson) about 4 years ago
[ruby/openssl] Raise an exception if the IO object passed to SSLSocket isn't a file
SSLSocket#connect eventually calls
GetOpenFilein order to get theunderlying file descriptor for the IO object passed in on
initialization.
GetOpenFileassumes that the Ruby object passed in isa T_FILE object and just casts it to a T_FILE without any checks. If
you pass an object that isn't a T_FILE to that function, the program
will segv.
Since we assume the IO object is a file in the
connectmethod, thiscommit adds a
CheckTypein the initialize method to ensure that the IOobject is actually a T_FILE. If the object isn't a T_FILE, this class
will segv on
connect, so I think this is a backwards compatiblechange.
https://github.com/ruby/openssl/commit/919fa44ec2