Skip to content

Commit e8e1d45

Browse files
tglsfdctglsfdc
committed
SSL_read/SSL_write do not approximate the return conventions of recv()
and send() very well at all; and in any case we can't use retval==0 for EOF due to race conditions. Make the same fixes in the backend as are required in libpq.
1 parent 39a9496 commit e8e1d45

File tree

1 file changed

+11
-3
lines changed

1 file changed

+11
-3
lines changed

src/backend/libpq/be-secure.c

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
*
1212
*
1313
* IDENTIFICATION
14-
* $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.39 2003/08/04 02:39:59 momjian Exp $
14+
* $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.40 2003/08/04 17:58:14 tgl Exp $
1515
*
1616
* Since the server static private key ($DataDir/server.key)
1717
* will normally be stored unencrypted so that the database
@@ -273,24 +273,28 @@ secure_read(Port *port, void *ptr, size_t len)
273273
(errcode_for_socket_access(),
274274
errmsg("SSL SYSCALL error: %m")));
275275
else
276+
{
276277
ereport(COMMERROR,
277278
(errcode(ERRCODE_PROTOCOL_VIOLATION),
278279
errmsg("SSL SYSCALL error: EOF detected")));
280+
errno = ECONNRESET;
281+
n = -1;
282+
}
279283
break;
280284
case SSL_ERROR_SSL:
281285
ereport(COMMERROR,
282286
(errcode(ERRCODE_PROTOCOL_VIOLATION),
283287
errmsg("SSL error: %s", SSLerrmessage())));
284288
/* fall through */
285289
case SSL_ERROR_ZERO_RETURN:
286-
secure_close(port);
287290
errno = ECONNRESET;
288291
n = -1;
289292
break;
290293
default:
291294
ereport(COMMERROR,
292295
(errcode(ERRCODE_PROTOCOL_VIOLATION),
293296
errmsg("unrecognized SSL error code")));
297+
n = -1;
294298
break;
295299
}
296300
}
@@ -353,24 +357,28 @@ secure_write(Port *port, void *ptr, size_t len)
353357
(errcode_for_socket_access(),
354358
errmsg("SSL SYSCALL error: %m")));
355359
else
360+
{
356361
ereport(COMMERROR,
357362
(errcode(ERRCODE_PROTOCOL_VIOLATION),
358363
errmsg("SSL SYSCALL error: EOF detected")));
364+
errno = ECONNRESET;
365+
n = -1;
366+
}
359367
break;
360368
case SSL_ERROR_SSL:
361369
ereport(COMMERROR,
362370
(errcode(ERRCODE_PROTOCOL_VIOLATION),
363371
errmsg("SSL error: %s", SSLerrmessage())));
364372
/* fall through */
365373
case SSL_ERROR_ZERO_RETURN:
366-
secure_close(port);
367374
errno = ECONNRESET;
368375
n = -1;
369376
break;
370377
default:
371378
ereport(COMMERROR,
372379
(errcode(ERRCODE_PROTOCOL_VIOLATION),
373380
errmsg("unrecognized SSL error code")));
381+
n = -1;
374382
break;
375383
}
376384
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy