mirror of
https://github.com/brunoos/luasec.git
synced 2024-11-08 06:28:26 +01:00
Fix crash related to incorrect buffer size
The number of bytes received by ssl_recv() is being passed to luaL_addlstring() (in recvall()) but it was being left either uninitialized or being set to an error code. The crashing case I found was when the state was not LSEC_STATE_CONNECTED (e.g. when dohandshake() has failed) and ssl_recv() returned immediately without setting "got".
This commit is contained in:
parent
20443861eb
commit
5a98bb6adb
@ -191,19 +191,19 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
|
|||||||
{
|
{
|
||||||
int err;
|
int err;
|
||||||
p_ssl ssl = (p_ssl)ctx;
|
p_ssl ssl = (p_ssl)ctx;
|
||||||
|
*got = 0;
|
||||||
if (ssl->state != LSEC_STATE_CONNECTED)
|
if (ssl->state != LSEC_STATE_CONNECTED)
|
||||||
return IO_CLOSED;
|
return IO_CLOSED;
|
||||||
*got = 0;
|
|
||||||
for ( ; ; ) {
|
for ( ; ; ) {
|
||||||
ERR_clear_error();
|
ERR_clear_error();
|
||||||
err = SSL_read(ssl->ssl, data, (int)count);
|
err = SSL_read(ssl->ssl, data, (int)count);
|
||||||
ssl->error = SSL_get_error(ssl->ssl, err);
|
ssl->error = SSL_get_error(ssl->ssl, err);
|
||||||
switch (ssl->error) {
|
switch (ssl->error) {
|
||||||
case SSL_ERROR_NONE:
|
case SSL_ERROR_NONE:
|
||||||
*got = err;
|
*got = 0;
|
||||||
return IO_DONE;
|
return IO_DONE;
|
||||||
case SSL_ERROR_ZERO_RETURN:
|
case SSL_ERROR_ZERO_RETURN:
|
||||||
*got = err;
|
*got = 0;
|
||||||
return IO_CLOSED;
|
return IO_CLOSED;
|
||||||
case SSL_ERROR_WANT_READ:
|
case SSL_ERROR_WANT_READ:
|
||||||
err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
|
err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
|
||||||
|
Loading…
Reference in New Issue
Block a user