Mark Eichin submitted bug report #1480821

(http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a
problem with how libcurl dealt with GnuTLS and a case where gnutls returned
GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected
return code, making Curl_ssl_send() confuse the upper layer - causing random
28 bytes trash data to get inserted in the transfered stream.

The proper fix was to make the Curl_gtls_send() function return the proper
return codes that the callers would expect. The Curl_ossl_send() function
already did this.

diff --git a/CHANGES b/CHANGES
index 4d87132d42cfeb30cf1361efa0bdf1915d24f823..4154ff20ac5fa12e7186c55b39b72971e04a499a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,18 @@
 
                                   Changelog
 
+Daniel (4 May 2006)
+- Mark Eichin submitted bug report #1480821
+  (http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a
+  problem with how libcurl dealt with GnuTLS and a case where gnutls returned
+  GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected
+  return code, making Curl_ssl_send() confuse the upper layer - causing random
+  28 bytes trash data to get inserted in the transfered stream.
+
+  The proper fix was to make the Curl_gtls_send() function return the proper
+  return codes that the callers would expect. The Curl_ossl_send() function
+  already did this.
+
 Daniel (2 May 2006)
 - Added a --checkfor option to curl-config to allow users to easier 
   write for example shell scripts that test for the presence of a 

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 810ffda9280176889d6c656336c006cc6a18dd5c..1fe83f38c0117acdef210e5ae2f28a9d0a30bbd5 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -20,6 +20,7 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
+ o GnuTLS non-block case that could cause data trashing
  o deflate code survives lack of zlib header
  o CURLOPT_INTERFACE works with hostname
  o configure runs fine with ICC
@@ -46,6 +47,6 @@ advice from friends like these:
 
  Dan Fandrich, Ilja van Sprundel, David McCreedy, Tor Arntsen, Xavier Bouchoux,
  David Byron, Michele Bini, Ates Goral, Katie Wang, Robson Braga Araujo,
- Ale Vesely, Paul Querna, Gisle Vanem
+ Ale Vesely, Paul Querna, Gisle Vanem, Mark Eichin
 
         Thanks! (and sorry if I forgot to mention someone)

diff --git a/lib/gtls.c b/lib/gtls.c
index 5d3959cce2931483d643de266fb190e1be83e4df..4cf78080b1e17d83d934ce7370500efdb2b89560 100644 (file)
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -458,6 +458,12 @@ int Curl_gtls_send(struct connectdata *conn,
   int rc;
   rc = gnutls_record_send(conn->ssl[sockindex].session, mem, len);
 
+  if(rc < 0 ) {
+    if(rc == GNUTLS_E_AGAIN)
+      return 0; /* EWOULDBLOCK equivalent */
+    rc = -1; /* generic error code for send failure */
+  }
+
   return rc;
 }