authorDaniel Lowrey <rdlowrey@php.net>2015-04-14 09:12:28 -0600
committerDaniel Lowrey <rdlowrey@php.net>2015-04-14 09:24:40 -0600
commit601d60a978b9e053ab8e6dc0f12ff850fc642ced (patch)
treeeef08470a9a4d3980eb7ed247836791ccd50e908
parent95650d0942c99db8c247797d2ce708a586298ae9 (diff)
Fix Bug #69402: Reading empty SSL stream hangs until timeout
-rw-r--r--NEWS4
-rw-r--r--ext/openssl/xp_ssl.c13
2 files changed, 13 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index a71c3fca5b..b274ce8c32 100644
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,10 @@ PHP NEWS
. Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
. Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
+- OpenSSL:
+ . Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
+ (Daniel Lowrey)
+
- Sqlite3:
. Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index e8bc6ae39d..6c80c22287 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -195,7 +195,7 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz
{
php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract;
int nr_bytes = 0;
-
+
/* Only do this if SSL is active. */
if (sslsock->ssl_active) {
int retry = 1;
@@ -271,13 +271,18 @@ static size_t php_openssl_sockop_io(int read, php_stream *stream, char *buf, siz
/* Also, on reads, we may get this condition on an EOF. We should check properly. */
if (read) {
- stream->eof = (retry == 0 && errno != EAGAIN && !SSL_pending(sslsock->ssl_handle));
+ stream->eof = (retry == 0 && errno != EAGAIN && !SSL_pending(sslsock->ssl_handle));
}
-
+
+ /* Don't loop indefinitely in non-blocking mode if no data is available */
+ if (began_blocked == 0) {
+ break;
+ }
+
/* Now, if we have to wait some time, and we're supposed to be blocking, wait for the socket to become
* available. Now, php_pollfd_for uses select to wait up to our time_left value only...
*/
- if (retry && began_blocked) {
+ if (retry) {
if (read) {
php_pollfd_for(sslsock->s.socket, (err == SSL_ERROR_WANT_WRITE) ?
(POLLOUT|POLLPRI) : (POLLIN|POLLPRI), has_timeout ? &left_time : NULL);