Mercurial > hg > nginx
changeset 5022:1d819608ad4a
SSL: avoid calling SSL_write() with zero data size.
According to documentation, calling SSL_write() with num=0 bytes to be sent
results in undefined behavior.
We don't currently call ngx_ssl_send_chain() with empty chain and buffer.
This check handles the case of a chain with total data size that is
a multiple of NGX_SSL_BUFSIZE, and with the special buffer at the end.
In practice such cases resulted in premature connection close and critical
error "SSL_write() failed (SSL:)" in the error log.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Mon, 28 Jan 2013 15:40:25 +0000 |
parents | 674f8739e443 |
children | 70a35b7b63ea |
files | src/event/ngx_event_openssl.c |
diffstat | 1 files changed, 6 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c Mon Jan 28 15:38:36 2013 +0000 +++ b/src/event/ngx_event_openssl.c Mon Jan 28 15:40:25 2013 +0000 @@ -1213,6 +1213,12 @@ size = buf->last - buf->pos; + if (size == 0) { + buf->flush = 0; + c->buffered &= ~NGX_SSL_BUFFERED; + return in; + } + n = ngx_ssl_write(c, buf->pos, size); if (n == NGX_ERROR) {