ssl: prevent SSLSocket#sysread* from leaking uninitialized dataky/ssl-read-fix-leak-uninitialized

Set the length of the buffer string to 0 first, and adjust to the size successfully read by the SSL_read() call later. This is needed because the buffer string may be provided by the caller.
author: Kazuki Yamaguchi <k@rhe.jp> 2017-09-23 03:04:48 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2017-09-23 03:06:17 +0900
commit: 6ff7844ea13ded27241fed9c641a20081b8ff402 (patch)
tree: 54a500c7f5a82988ad230f90e8405b152e14cd10 /test
parent: 6c5e6b3ba0363ca496ea0b464edd1f2a235e8bf2 (diff)
download: ruby-openssl-6ff7844ea13ded27241fed9c641a20081b8ff402.tar.gz
1 files changed, 24 insertions, 0 deletions
diff --git a/test/test_pair.rb b/test/test_pair.rb
index cbb985dd..ea5f0dcf 100644
--- a/test/test_pair.rb
+++ b/test/test_pair.rb
@@ -239,6 +239,30 @@ module OpenSSL::TestPairM
     }
   end
 
+  def test_read_with_outbuf
+    ssl_pair { |s1, s2|
+      s1.write("abc\n")
+      buf = ""
+      ret = s2.read(2, buf)
+      assert_same ret, buf
+      assert_equal "ab", ret
+
+      buf = "garbage"
+      ret = s2.read(2, buf)
+      assert_same ret, buf
+      assert_equal "c\n", ret
+
+      buf = "garbage"
+      assert_equal :wait_readable, s2.read_nonblock(100, buf, exception: false)
+      assert_equal "", buf
+
+      s1.close
+      buf = "garbage"
+      assert_equal nil, s2.read(100, buf)
+      assert_equal "", buf
+    }
+  end
+
   def test_write_nonblock
     ssl_pair {|s1, s2|
       assert_equal 3, s1.write_nonblock("foo")
author	Kazuki Yamaguchi <k@rhe.jp>	2017-09-23 03:04:48 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2017-09-23 03:06:17 +0900
commit	6ff7844ea13ded27241fed9c641a20081b8ff402 (patch)
tree	54a500c7f5a82988ad230f90e8405b152e14cd10 /test
parent	6c5e6b3ba0363ca496ea0b464edd1f2a235e8bf2 (diff)
download	ruby-openssl-6ff7844ea13ded27241fed9c641a20081b8ff402.tar.gz