Skip to content

ssl: prevent SSLSocket#sysread* from leaking uninitialized data#153

Merged
rhenium merged 2 commits intoruby:maintfrom
rhenium:ky/ssl-read-fix-leak-uninitialized
Sep 24, 2017
Merged

ssl: prevent SSLSocket#sysread* from leaking uninitialized data#153
rhenium merged 2 commits intoruby:maintfrom
rhenium:ky/ssl-read-fix-leak-uninitialized

Conversation

@rhenium
Copy link
Member

@rhenium rhenium commented Sep 22, 2017

Set the length of the buffer string to 0 first, and adjust to the size
successfully read by the SSL_read() call later. This is needed because
the buffer string may be provided by the caller.

@rhenium
test/test_pair: replace sleep with IO.select
6c5e6b3 
The sleep was to ensure that the SSLSocket#read_nonblock will get
close_notify alert. A simple IO.select will suffice.
@rhenium
ssl: prevent SSLSocket#sysread* from leaking uninitialized data
6ff7844 
Set the length of the buffer string to 0 first, and adjust to the size
successfully read by the SSL_read() call later. This is needed because
the buffer string may be provided by the caller.
@rhenium rhenium merged commit 295dd1d into ruby:maint Sep 24, 2017
@HoneyryderChuck
Copy link
Contributor

HoneyryderChuck commented Oct 6, 2017

This fixes a bug using SSLSocket#read_nonblock with a buffer as a second argument.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rhenium @HoneyryderChuck