PR:

Obtained from:
Submitted by:
Reviewed by:
ssl_io_input_read now returns APR_EOF if ssl_io_hook_read returns 0
bytes for a reason other than SSL_ERROR_WANT_READ.  this should
prevent a possible endless loop.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94519 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 4b38f3dccd573ca2fe41ae3dca8e245da727aade..1d5497de6dc66c3888fa08ef3830af1fa57b6488 100644 (file)
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -485,7 +485,7 @@ static int ssl_io_hook_read(SSL *ssl, char *buf, int len)
 
     rc = SSL_read(ssl, buf, len);
 
-    if (rc < 0) {
+    if (rc <= 0) {
         int ssl_err = SSL_get_error(ssl, rc);
 
         if (ssl_err == SSL_ERROR_WANT_READ) {
@@ -674,6 +674,10 @@ static apr_status_t ssl_io_input_read(ssl_io_input_ctx_t *ctx,
             char_buffer_write(&ctx->cbuf, buf, rc);
         }
     }
+    else if ((rc == 0) && (errno != EINTR)) {
+        /* something other than SSL_ERROR_WANT_READ */
+        return APR_EOF;
+    }
     else if ((rc == -1) && (ctx->inbio.rc == APR_SUCCESS)) {
         /*
          * bucket read from socket was successful,