Skip to content

Commit 6b0e941

Browse files
tglsfdctglsfdc
committed
Fix misuse of an integer as a bool.
pgtls_read_pending is declared to return bool, but what the underlying SSL_pending function returns is a count of available bytes. This is actually somewhat harmless if we're using C99 bools, but in the back branches it's a live bug: if the available-bytes count happened to be a multiple of 256, it would get converted to a zero char value. On machines where char is signed, counts of 128 and up could misbehave as well. The net effect is that when using SSL, libpq might block waiting for data even though some has already been received. Broken by careless refactoring in commit 4e86f1b, so back-patch to 9.5 where that came in. Per bug #15802 from David Binderman. Discussion: https://postgr.es/m/15802-f0911a97f0346526@postgresql.org
1 parent 6ba0ff4 commit 6b0e941

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

src/interfaces/libpq/fe-misc.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1057,7 +1057,7 @@ pqSocketCheck(PGconn *conn, int forRead, int forWrite, time_t end_time)
10571057

10581058
#ifdef USE_SSL
10591059
/* Check for SSL library buffering read bytes */
1060-
if (forRead && conn->ssl_in_use && pgtls_read_pending(conn) > 0)
1060+
if (forRead && conn->ssl_in_use && pgtls_read_pending(conn))
10611061
{
10621062
/* short-circuit the select */
10631063
return 1;

src/interfaces/libpq/fe-secure-openssl.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -264,7 +264,7 @@ pgtls_read(PGconn *conn, void *ptr, size_t len)
264264
bool
265265
pgtls_read_pending(PGconn *conn)
266266
{
267-
return SSL_pending(conn->ssl);
267+
return SSL_pending(conn->ssl) > 0;
268268
}
269269

270270
ssize_t

0 commit comments

Comments
 (0)