- #45808, stream_socket_enable_crypto() blocks and eats CPU

diff --git a/NEWS b/NEWS
index 72595129cd710848410f5a71513bb2975110d104..03b0479cefc00f0f533ca61d5d49d3e8d5e098d8 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -79,6 +79,8 @@ PHP                                                                        NEWS
   requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
 - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas)
 
+- Fixed bug #45808 (stream_socket_enable_crypto() blocks and eats CPU).
+  (vincent at optilian dot com)
 - Fixed bug #52101 (dns_get_record() garbage in 'ipv6' field on Windows).
   (Pierre)
 - Fixed bug #52082 (character_set_client & character_set_connection reset after

diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index f1a4eb7e09737a2681d5d84cae77d28d73c57d48..412a445d1182758fc99753cd11ff22f6dc08c07e 100644 (file)
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -312,8 +312,12 @@ static inline int php_openssl_setup_crypto(php_stream *stream,
        SSL_METHOD *method;
        
        if (sslsock->ssl_handle) {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL/TLS already set-up for this stream");
-               return -1;
+               if (sslsock->s.is_blocked) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL/TLS already set-up for this stream");
+                       return -1;
+               } else {
+                       return 0;
+               }
        }
 
        /* need to do slightly different things, based on client/server method,
@@ -435,7 +439,8 @@ static inline int php_openssl_enable_crypto(php_stream *stream,
                        }
 
                        if (n <= 0) {
-                               retry = handle_ssl_error(stream, n, 1 TSRMLS_CC);
+                               retry = handle_ssl_error(stream, n, sslsock->is_client || sslsock->s.is_blocked TSRMLS_CC);
+
                        } else {
                                break;
                        }