Skip Menu |

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 48131
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL
People
Owner: Nobody in particular
Requestors: eli [...] dvns.com
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in:
  • 1.02
  • 1.26
Fixed in: (no value)

History Show all quoted text
  Thu Jul 23 18:47:22 2009 eli [...] dvns.com - Ticket created
Subject: Incorrect check of error value in generic_write
generic_write does not properly check the written value for errors from NET::SSLeay::write calls, which causes a: Use of uninitialized value in numeric lt (<) when Net:SSLeay::ssl_write_all has an error Also the Net::SSLeay::write_partial returns the value from SSL_write which can return 0 or -1 if it was not successful Have included patch file
Subject: generic_write_error.patch
diff -r -U 3 -N IO-Socket-SSL-1.26/SSL.pm IO-Socket-SSL-1.26_patchedWrite/SSL.pm --- IO-Socket-SSL-1.26/SSL.pm 2009-07-03 02:29:28.000000000 -0500 +++ IO-Socket-SSL-1.26_patchedWrite/SSL.pm 2009-07-23 16:53:56.000000000 -0500 @@ -649,7 +649,9 @@ } else { $written = Net::SSLeay::write_partial( $ssl,$offset,$length,$$buffer ); } - $written = undef if $written < 0; # Net::SSLeay::write returns -1 not undef on error + # Net::SSLeay::ssl_write_all returns (undef,errs) or undef on error + # Net::SSLeay::write_partial returns 0 or -1 on error + $written = undef if ( defined $written && $written < 1 ); if ( !defined($written) ) { $self->_set_rw_error( $ssl,-1 ) || $self->error("SSL write error");
  Fri Jul 24 02:35:28 2009 Steffen_Ullrich [...] genua.de - Correspondence added
Hi, thanks for your bug report and patch. I've fixed it slightly different in 1.27. Please note, that the problem only occures, when you use perl -w, e.g. when you forces warnings even in modules, which don't have warnings enabled with 'use warnings'. I would rather recommend to use warnings only in the code, where you know it's safe. Regards, Steffen On Do. 23. Jul. 2009, 18:47:22, ecmenifee wrote: Show quoted text
> generic_write does not properly check the written value for errors from > NET::SSLeay::write calls, which causes a: > > Use of uninitialized value in numeric lt (<) > when Net:SSLeay::ssl_write_all has an error > > Also the Net::SSLeay::write_partial returns the value from SSL_write > which can return 0 or -1 if it was not successful > > Have included patch file > > >
  Fri Jul 24 02:35:28 2009 The RT System itself - Status changed from 'new' to 'open'
  Fri Jul 24 02:35:30 2009 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'resolved'