diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2017-09-23 03:04:48 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-09-23 03:06:17 +0900 |
commit | 6ff7844ea13ded27241fed9c641a20081b8ff402 (patch) | |
tree | 54a500c7f5a82988ad230f90e8405b152e14cd10 /test | |
parent | 6c5e6b3ba0363ca496ea0b464edd1f2a235e8bf2 (diff) | |
download | ruby-openssl-6ff7844ea13ded27241fed9c641a20081b8ff402.tar.gz |
ssl: prevent SSLSocket#sysread* from leaking uninitialized dataky/ssl-read-fix-leak-uninitialized
Set the length of the buffer string to 0 first, and adjust to the size
successfully read by the SSL_read() call later. This is needed because
the buffer string may be provided by the caller.
Diffstat (limited to 'test')
-rw-r--r-- | test/test_pair.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/test/test_pair.rb b/test/test_pair.rb index cbb985dd..ea5f0dcf 100644 --- a/test/test_pair.rb +++ b/test/test_pair.rb @@ -239,6 +239,30 @@ module OpenSSL::TestPairM } end + def test_read_with_outbuf + ssl_pair { |s1, s2| + s1.write("abc\n") + buf = "" + ret = s2.read(2, buf) + assert_same ret, buf + assert_equal "ab", ret + + buf = "garbage" + ret = s2.read(2, buf) + assert_same ret, buf + assert_equal "c\n", ret + + buf = "garbage" + assert_equal :wait_readable, s2.read_nonblock(100, buf, exception: false) + assert_equal "", buf + + s1.close + buf = "garbage" + assert_equal nil, s2.read(100, buf) + assert_equal "", buf + } + end + def test_write_nonblock ssl_pair {|s1, s2| assert_equal 3, s1.write_nonblock("foo") |