Project

General

Profile

Actions
Copy link

Bug #12660

closed

[PATCH] openssl: avoid undefined behavior on empty SSL_write

Bug #12660: [PATCH] openssl: avoid undefined behavior on empty SSL_write

Added by normalperson (Eric Wong) about 9 years ago. Updated about 9 years ago.

Status:
Closed
Assignee:
rhenium (Kazuki Yamaguchi)
Target version:
-
ruby -v:
Backport:
2.1: REQUIRED, 2.2: DONE, 2.3: DONE
[ruby-core:76751]

Description

SSL_write(3ssl) manpage has this in the WARNINGS section:

   When calling SSL_write() with num=0 bytes to be sent the
   behaviour is undefined.

And indeed, the new test case demonstrates failures when
empty strings are used. So, match the behavior of IO#write,
IO#write_nonblock, and IO#syswrite by returning zero, as the
OpenSSL::SSL::SSLSocket API already closely mimics the IO one.

  • ext/openssl/ossl_ssl.c (ossl_ssl_write_internal):
    avoid undefined behavior
  • test/openssl/test_pair.rb (test_write_zero): new test

Comments? Will commit in a week or so if no response.

Files

0001-openssl-avoid-undefined-behavior-on-empty-SSL_write.patch (2.17 KB) 0001-openssl-avoid-undefined-behavior-on-empty-SSL_write.patch normalperson (Eric Wong), 08/06/2016 10:34 AM
Actions
Copy link

Also available in: PDF Atom