AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SSL: Don't write to closed socket or write to deallocated buffer

Browse Source 
Change-Id: I061848ae570b382d640f8e46a1c54aeaeddbd77d
Fixes: QTBUG-61307
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
This commit is contained in:
Mårten Nordheim 2018-09-27 14:20:46 +02:00 committed by André Klitzing
parent 3ed8dc3788
commit ef4ba0285f
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/network/ssl/qsslsocket_openssl.cpp
View File

@ -675,7 +675,8 @@ void QSslSocketBackendPrivate::transmit()
// Check if we've got any data to be written to the socket. // Check if we've got any data to be written to the socket.
QVarLengthArray<char, 4096> data; QVarLengthArray<char, 4096> data;
int pendingBytes; int pendingBytes;
while (plainSocket->isValid() && (pendingBytes = q_BIO_pending(writeBio)) > 0) { while (plainSocket->isValid() && (pendingBytes = q_BIO_pending(writeBio)) > 0
&& plainSocket->openMode() != QIODevice::NotOpen) {
// Read encrypted data from the write BIO into a buffer. // Read encrypted data from the write BIO into a buffer.
data.resize(pendingBytes); data.resize(pendingBytes);
int encryptedBytesRead = q_BIO_read(writeBio, data.data(), pendingBytes); int encryptedBytesRead = q_BIO_read(writeBio, data.data(), pendingBytes);
@ -760,6 +761,10 @@ void QSslSocketBackendPrivate::transmit()
int readBytes = 0; int readBytes = 0;
const int bytesToRead = 4096; const int bytesToRead = 4096;
do { do {
if (readChannelCount == 0) {
// The read buffer is deallocated, don't try resize or write to it.
break;
}
// Don't use SSL_pending(). It's very unreliable. // Don't use SSL_pending(). It's very unreliable.
readBytes = q_SSL_read(ssl, buffer.reserve(bytesToRead), bytesToRead); readBytes = q_SSL_read(ssl, buffer.reserve(bytesToRead), bytesToRead);
if (readBytes > 0) { if (readBytes > 0) {