Skip to content

x509store: check for error of X509_STORE_set_ex_data()#1032

Merged
rhenium merged 1 commit intoruby:masterfrom
ndossche:clesss-7
Apr 20, 2026
Merged

x509store: check for error of X509_STORE_set_ex_data()#1032
rhenium merged 1 commit intoruby:masterfrom
ndossche:clesss-7

Conversation

@ndossche
Copy link
Copy Markdown
Contributor

@ndossche ndossche commented Apr 18, 2026

This can technically fail because it internally performs allocations. Also confirmed by the man page [1].

[1] (among other functions on this page) https://docs.openssl.org/3.5/man3/BIO_get_ex_new_index

This was found by a hybrid static-dynamic analyser that looks for inconsistent handling of error checks in bindings.

@rhenium
Copy link
Copy Markdown
Member

rhenium commented Apr 20, 2026

Thanks for catching this. Other occurrences of *_set_ex_data() need the same treatment.

@ndossche
Copy link
Copy Markdown
Contributor Author

ndossche commented Apr 20, 2026

Do you want me to do that in this PR or would you want to merge this first?

@ndossche @rhenium
x509store, ssl: check for error of CRYPTO_set_ex_data()
c0de3f5 
This can technically fail because it internally performs allocations.
Also confirmed by the man page [1].

[1] (among other functions on this page) https://docs.openssl.org/3.5/man3/BIO_get_ex_new_index
@rhenium
Copy link
Copy Markdown
Member

rhenium commented Apr 20, 2026

It's straightforward change so I just updated this PR.

@rhenium rhenium merged commit 7dc19a4 into ruby:master Apr 20, 2026
47 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ndossche @rhenium