
TLS: SSL_peek is not a const operation

Calling SSL_peek can cause bytes to be read from the raw socket which in
turn can upset the select machinery that determines whether there's data
available on the socket.

Since Curl_ossl_check_cxn only tries to determine whether the socket is
alive and doesn't actually need to see the bytes SSL_peek seems like
the wrong function to call.

We're able to occasionally reproduce a connect timeout due to this
bug. What happens is that Curl doesn't know to call SSL_connect again
after the peek happens since data is buffered in the SSL buffer and thus
select won't fire for this socket.

Closes #795
Anders Bakken 2016-05-10 12:49:33 -07:00 committed by Daniel Stenberg
parent f6767f5435
commit 856baf5a46


@ -759,17 +759,17 @@ void Curl_ossl_cleanup(void)
*/ */
int Curl_ossl_check_cxn(struct connectdata *conn) int Curl_ossl_check_cxn(struct connectdata *conn)
{ {
int rc; #ifdef MSG_PEEK
char buf; char buf;
if(recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
rc = SSL_peek(conn->ssl[FIRSTSOCKET].handle, (void*)&buf, 1); (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK) == 0) {
if(rc > 0)
return 1; /* connection still in place */
if(rc == 0)
return 0; /* connection has been closed */ return 0; /* connection has been closed */
}
else
return 1; /* connection still in place */
#else
return -1; /* connection status unknown */ return -1; /* connection status unknown */
#endif
} }
/* Selects an OpenSSL crypto engine /* Selects an OpenSSL crypto engine
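Review bot: In the new Curl_ossl_check_cxn body, every recv() result other than 0 falls into the `else` branch and is reported as 1 (connection still in place), including -1 for a socket error such as a reset. A cached connection that has already failed would then be offered for reuse, and the failure would only surface on the next read or write. Only a would-block result shows an idle but open socket; other errors should map to the existing -1 "status unknown" return (or to 0). The error-code names in the sketch below should be spelled the way the rest of the file spells them for portability. The sketch keeps the commit's MSG_PEEK approach and only splits the result handling.

```c
#ifdef MSG_PEEK
  char buf;
  ssize_t nread = recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET],
                       (RECV_TYPE_ARG2)&buf, (RECV_TYPE_ARG3)1,
                       (RECV_TYPE_ARG4)MSG_PEEK);
  if(nread == 0)
    return 0; /* connection has been closed */
  if(nread > 0)
    return 1; /* connection still in place */
  /* recv() failed: only "would block" means an idle socket that is still open */
  if(SOCKERRNO == EWOULDBLOCK || SOCKERRNO == EAGAIN)
    return 1; /* connection still in place */
  return -1; /* connection status unknown */
#else
  /* … unchanged: return -1 when MSG_PEEK is unavailable … */
```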