Skip to content

Commit e3bf3c0

Browse files
tglsfdctglsfdc
committed
Fix misuse of an integer as a bool.
pgtls_read_pending is declared to return bool, but what the underlying SSL_pending function returns is a count of available bytes. This is actually somewhat harmless if we're using C99 bools, but in the back branches it's a live bug: if the available-bytes count happened to be a multiple of 256, it would get converted to a zero char value. On machines where char is signed, counts of 128 and up could misbehave as well. The net effect is that when using SSL, libpq might block waiting for data even though some has already been received. Broken by careless refactoring in commit 4e86f1b, so back-patch to 9.5 where that came in. Per bug #15802 from David Binderman. Discussion: https://postgr.es/m/15802-f0911a97f0346526@postgresql.org
1 parent 7c16a2b commit e3bf3c0

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

src/interfaces/libpq/fe-misc.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1059,7 +1059,7 @@ pqSocketCheck(PGconn *conn, int forRead, int forWrite, time_t end_time)
10591059

10601060
#ifdef USE_SSL
10611061
/* Check for SSL library buffering read bytes */
1062-
if (forRead && conn->ssl_in_use && pgtls_read_pending(conn) > 0)
1062+
if (forRead && conn->ssl_in_use && pgtls_read_pending(conn))
10631063
{
10641064
/* short-circuit the select */
10651065
return 1;

src/interfaces/libpq/fe-secure-openssl.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -150,7 +150,7 @@ pgtls_open_client(PGconn *conn)
150150
bool
151151
pgtls_read_pending(PGconn *conn)
152152
{
153-
return SSL_pending(conn->ssl);
153+
return SSL_pending(conn->ssl) > 0;
154154
}
155155

156156
/*

0 commit comments

Comments
 (0)