From 257834e5011cdd8b19c55327c3faaf0643732dbd Mon Sep 17 00:00:00 2001
From: Gerhard Rieger <gerhard@dest-unreach.org>
Date: Mon, 3 Feb 2014 21:08:21 +0100
Subject: [PATCH] OPENSSL-CONNECT with bind option failed on some systems with
 Invalid argument

---
 CHANGES       |  4 ++++
 test.sh       | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 xio-openssl.c |  4 ++--
 3 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 6874860..ccf41b1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -20,6 +20,10 @@ corrections:
 	digits. Thanks to Frank Dana for providing a patch that increases field
 	width to 24 digits.
 
+	OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
+	"Invalid argument"
+	Thanks to Emile den Tex for reporting this bug.
+
 porting:
 	Performed changes for Fedora release 19
 
diff --git a/test.sh b/test.sh
index 6e82e2d..aaca04d 100755
--- a/test.sh
+++ b/test.sh
@@ -11198,6 +11198,57 @@ PORT=$((PORT+1))
 N=$((N+1))
 
 
+# OPENSSL-CONNECT with bind option failed on some systems (eg.FreeBSD, but not
+# Linux) with "Invalid argument".
+NAME=OPENSSL_CONNECT_BIND
+case "$TESTS" in
+*%functions%*|*%bugs%*|*%socket%*|*%ssl%*|*%$NAME%*)
+TEST="$NAME: test OPENSSL-CONNECT with bind option"
+# have a simple SSL server that just echoes data.
+# connect with socat using OPENSSL-CONNECT with bind, send data and check if the
+# reply is identical.
+if ! eval $NUMCOND; then :; else
+tf0="$td/test$N.0.stdout"
+te0="$td/test$N.0.stderr"
+tf1="$td/test$N.1.stdout"
+te1="$td/test$N.1.stderr"
+tdiff="$td/test$N.diff"
+da="test$N $(date) $RANDOM"
+CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,ciphers=aNULL,verify=0, PIPE"
+CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,bind=$LOCALHOST,ciphers=aNULL,verify=0"
+printf "test $F_n $TEST... " $N
+$CMD0 >/dev/null 2>"$te0" &
+pid0=$!
+waittcp4port $PORT 1
+echo "$da" |$CMD1 >"$tf1" 2>"$te1"
+rc1=$?
+kill $pid0 2>/dev/null; wait
+if [ "$rc1" -ne 0 ]; then
+    $PRINTF "$FAILED\n"
+    echo "$CMD0 &"
+    echo "$CMD1"
+    cat "$te0"
+    cat "$te1"
+    numFAIL=$((numFAIL+1))
+elif ! echo "$da" |diff - $tf1 >"$tdiff"; then
+    $PRINTF "$FAILED\n"
+    echo "$CMD0 &"
+    echo "$CMD1"
+    cat "${te}0"
+    cat "${te}1"
+    cat "$tdiff"
+    numFAIL=$((numFAIL+1))
+else
+    $PRINTF "$OK\n"
+    numOK=$((numOK+1))
+fi
+fi # NUMCOND
+ ;;
+esac
+PORT=$((PORT+1))
+N=$((N+1))
+
+
 ###############################################################################
 # here come tests that might affect your systems integrity. Put normal tests
 # before this paragraph.
diff --git a/xio-openssl.c b/xio-openssl.c
index 02186a3..66d9c7d 100644
--- a/xio-openssl.c
+++ b/xio-openssl.c
@@ -1,5 +1,5 @@
 /* source: xio-openssl.c */
-/* Copyright Gerhard Rieger 2002-2011 */
+/* Copyright Gerhard Rieger */
 /* Published under the GNU General Public License V.2, see file COPYING */
 
 /* this file contains the implementation of the openssl addresses */
@@ -243,7 +243,7 @@ static int
       /* this cannot fork because we retrieved fork option above */
       result =
 	 _xioopen_connect(xfd,
-			  needbind?(struct sockaddr *)us:NULL, sizeof(*us),
+			  needbind?(struct sockaddr *)us:NULL, uslen,
 			  (struct sockaddr *)them, themlen,
 			  opts, pf, socktype, ipproto, lowport, level);
       switch (result) {