New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssl: prevent SSLSocket#sysread* from leaking uninitialized data #153

Merged

rhenium merged 2 commits into ruby:maint from rhenium:ky/ssl-read-fix-leak-uninitialized

Sep 24, 2017

Commits on Sep 22, 2017

test/test_pair: replace sleep with IO.select
```
The sleep was to ensure that the SSLSocket#read_nonblock will get
close_notify alert. A simple IO.select will suffice.
```
rhenium committed Sep 22, 2017
Configuration menu
View commit details

Copy full SHA for 6c5e6b3

Browse repository at this point
Copy the full SHA

6c5e6b3 View commit details

Browse the repository at this point in the history
ssl: prevent SSLSocket#sysread* from leaking uninitialized data
```
Set the length of the buffer string to 0 first, and adjust to the size
successfully read by the SSL_read() call later. This is needed because
the buffer string may be provided by the caller.
```
rhenium committed Sep 22, 2017
Configuration menu
View commit details

Copy full SHA for 6ff7844

Browse repository at this point
Copy the full SHA

6ff7844 View commit details

Browse the repository at this point in the history