SSL: avoid calling SSL_write() with zero data size.

According to documentation, calling SSL_write() with num=0 bytes to be sent results in undefined behavior. We don't currently call ngx_ssl_send_chain() with empty chain and buffer. This check handles the case of a chain with total data size that is a multiple of NGX_SSL_BUFSIZE, and with the special buffer at the end. In practice such cases resulted in premature connection close and critical error "SSL_write() failed (SSL:)" in the error log.
author: Valentin Bartenev <vbart@nginx.com> 2013-01-28 15:40:25 +0000
committer: Valentin Bartenev <vbart@nginx.com> 2013-01-28 15:40:25 +0000
commit: 0f0fac70a14fc489eab91888772073ed1259b633 (patch)
tree: e44d6d8383f3f6d58afb97af1d23748312ffbf54
parent: f98b1d256114e7f9bdfd17ea362cdcb137cdc62c (diff)
download: nginx-0f0fac70a14fc489eab91888772073ed1259b633.tar.gz
nginx-0f0fac70a14fc489eab91888772073ed1259b633.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index c27dba91c..d288bc817 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1213,6 +1213,12 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
 
         size = buf->last - buf->pos;
 
+        if (size == 0) {
+            buf->flush = 0;
+            c->buffered &= ~NGX_SSL_BUFFERED;
+            return in;
+        }
+
         n = ngx_ssl_write(c, buf->pos, size);
 
         if (n == NGX_ERROR) {
author	Valentin Bartenev <vbart@nginx.com>	2013-01-28 15:40:25 +0000
committer	Valentin Bartenev <vbart@nginx.com>	2013-01-28 15:40:25 +0000
commit	0f0fac70a14fc489eab91888772073ed1259b633 (patch)
tree	e44d6d8383f3f6d58afb97af1d23748312ffbf54
parent	f98b1d256114e7f9bdfd17ea362cdcb137cdc62c (diff)
download	nginx-0f0fac70a14fc489eab91888772073ed1259b633.tar.gz nginx-0f0fac70a14fc489eab91888772073ed1259b633.zip