ssl: do not trigger EOF if some data had been successfully read
(cherry picked from commit 3e89f467ae7c5b29ad15f32f3bfea6e023d8ff70)
This commit is contained in:
shixuantong
openeuler-sync-bot
parent
9d17d9bdf1
commit
622a04fe1b
@ -0,0 +1,44 @@
|
||||
From 7652cf4068f77905a56b9165455ec7e90917ec31 Mon Sep 17 00:00:00 2001
|
||||
From: Azat Khuzhin <azat@libevent.org>
|
||||
Date: Sun, 14 May 2023 16:53:13 +0200
|
||||
Subject: [PATCH] ssl: do not triger EOF if some data had been successfully
|
||||
read
|
||||
|
||||
Reference:https://github.com/libevent/libevent/commit/ef51444f439b922c8fb00c7ef3f8482b6400b6ea
|
||||
https://github.com/libevent/libevent/commit/49a7ae4c5668ebad7b6c4618664224c1a0bc5079
|
||||
https://github.com/libevent/libevent/commit/7652cf4068f77905a56b9165455ec7e90917ec31
|
||||
|
||||
Previously in case when evbuffer_reserve_space() returns > 1, but
|
||||
it was able to read only 1 IO vector, it will try to read the next one,
|
||||
got 0 (EOF for mbedTLS or SSL_ERROR_ZERO_RETURN for OpenSSL) and will
|
||||
trigger EOF, while instead, it should trigger EV_READ w/o EOF and only
|
||||
after EOF.
|
||||
---
|
||||
bufferevent_openssl.c | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/bufferevent_openssl.c b/bufferevent_openssl.c
|
||||
index b51b834..8b4b655 100644
|
||||
--- a/bufferevent_openssl.c
|
||||
+++ b/bufferevent_openssl.c
|
||||
@@ -616,6 +616,17 @@ do_read(struct bufferevent_openssl *bev_ssl, int n_to_read) {
|
||||
} else {
|
||||
int err = SSL_get_error(bev_ssl->ssl, r);
|
||||
print_err(err);
|
||||
+ /* NOTE: we ignore the error in case of some progress was done,
|
||||
+ * because currently we do not send close_notify, and this will
|
||||
+ * lead to error from SSL_read() (it will return 0, and
|
||||
+ * SSL_get_error() will return SSL_ERROR_SSL), and this is because
|
||||
+ * of lack of close_notify
|
||||
+ *
|
||||
+ * But AFAICS some code uses it the same way (i.e. nginx) */
|
||||
+ if (result & OP_MADE_PROGRESS) {
|
||||
+ /* Process existing data */
|
||||
+ break;
|
||||
+ }
|
||||
switch (err) {
|
||||
case SSL_ERROR_WANT_READ:
|
||||
/* Can't read until underlying has more data. */
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: libevent
|
||||
Version: 2.1.12
|
||||
Release: 5
|
||||
Release: 6
|
||||
Summary: An event notification library
|
||||
|
||||
License: BSD
|
||||
@ -11,6 +11,7 @@ BuildRequires: gcc doxygen openssl-devel
|
||||
|
||||
Patch0: libevent-nonettests.patch
|
||||
Patch1: http-add-callback-to-allow-server-to-decline-and-the.patch
|
||||
Patch6000: backport-ssl-do-not-trigger-EOF-if-some-data-had-been-successf.patch
|
||||
|
||||
%description
|
||||
Libevent additionally provides a sophisticated framework for buffered network IO, with support for sockets,
|
||||
@ -83,6 +84,12 @@ EOF
|
||||
|
||||
|
||||
%changelog
|
||||
* Sat Jul 29 2023 shixuantong <shixuantong1@huawei.com> - 2.1.12-6
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:NA
|
||||
- DESC:ssl: do not trigger EOF if some data had been successfully read
|
||||
|
||||
* Thu Oct 27 2022 dongyuzhen <dongyuzhen@h-partners.com> - 2.1.12-5
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user