ruby-changes:43749
From: normal <ko1@a...>
Date: Sun, 7 Aug 2016 06:51:22 +0900 (JST)
Subject: [ruby-changes:43749] normal:r55822 (trunk): openssl: avoid undefined behavior on empty SSL_write
normal 2016-08-07 06:50:10 +0900 (Sun, 07 Aug 2016) New Revision: 55822 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55822 Log: openssl: avoid undefined behavior on empty SSL_write SSL_write(3ssl) manpage has this in the WARNINGS section: When calling SSL_write() with num=0 bytes to be sent the behaviour is undefined. And indeed, the new test case demonstrates failures when empty strings are used. So, match the behavior of IO#write, IO#write_nonblock, and IO#syswrite by returning zero, as the OpenSSL::SSL::SSLSocket API already closely mimics the IO one. * ext/openssl/ossl_ssl.c (ossl_ssl_write_internal): avoid undefined behavior * test/openssl/test_pair.rb (test_write_zero): new test [ruby-core:76751] [Bug #12660] Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_ssl.c trunk/test/openssl/test_pair.rb Index: ext/openssl/ossl_ssl.c =================================================================== --- ext/openssl/ossl_ssl.c (revision 55821) +++ ext/openssl/ossl_ssl.c (revision 55822) @@ -1744,7 +1744,13 @@ ossl_ssl_write_internal(VALUE self, VALU https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L1744 if (ssl_started(ssl)) { for (;;){ - nwrite = SSL_write(ssl, RSTRING_PTR(str), RSTRING_LENINT(str)); + int num = RSTRING_LENINT(str); + + /* SSL_write(3ssl) manpage states num == 0 is undefined */ + if (num == 0) + goto end; + + nwrite = SSL_write(ssl, RSTRING_PTR(str), num); switch(ssl_get_error(ssl, nwrite)){ case SSL_ERROR_NONE: goto end; Index: test/openssl/test_pair.rb =================================================================== --- test/openssl/test_pair.rb (revision 55821) +++ test/openssl/test_pair.rb (revision 55822) @@ -311,6 +311,17 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L311 } end + def test_write_zero + ssl_pair {|s1, s2| + assert_equal 0, s2.write_nonblock('', exception: false) + assert_kind_of Symbol, s1.read_nonblock(1, exception: false) + assert_equal 0, s2.syswrite('') + assert_kind_of Symbol, s1.read_nonblock(1, exception: false) + assert_equal 0, s2.write('') + assert_kind_of Symbol, s1.read_nonblock(1, exception: false) + } + end + def tcp_pair host = "127.0.0.1" serv = TCPServer.new(host, 0) Index: ChangeLog =================================================================== --- ChangeLog (revision 55821) +++ ChangeLog (revision 55822) @@ -1,3 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Sun Aug 7 06:48:21 2016 Eric Wong <e@8...> + + * ext/openssl/ossl_ssl.c (ossl_ssl_write_internal): + avoid undefined behavior + * test/openssl/test_pair.rb (test_write_zero): new test + [ruby-core:76751] [Bug #12660] + Sat Aug 6 09:35:30 2016 Nobuyoshi Nakada <nobu@r...> * id_table.h (rb_id_table_iterator_result): add dummy sentinel -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/