From: Martin Panter <vadmium+py@gmail.com>
Date: Mon, 11 Jul 2016 00:17:13 +0000 (+0000)
Subject: Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOF
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8c6849bfe6ccc0e508e23df385b4ca61c7e00236;p=python

Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOF
---

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 659d0dfa95..29922e7a0c 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2622,20 +2622,13 @@ else:
                         # consume data
                         s.read()
 
-                data = b"data"
-
                 # read(-1, buffer) is supported, even though read(-1) is not
+                data = b"data"
                 s.send(data)
                 buffer = bytearray(len(data))
                 self.assertEqual(s.read(-1, buffer), len(data))
                 self.assertEqual(buffer, data)
 
-                # recv/read(0) should return no data
-                s.send(data)
-                self.assertEqual(s.recv(0), b"")
-                self.assertEqual(s.read(0), b"")
-                self.assertEqual(s.read(), data)
-
                 s.write(b"over\n")
 
                 self.assertRaises(ValueError, s.recv, -1)
@@ -2643,6 +2636,26 @@ else:
 
                 s.close()
 
+        def test_recv_zero(self):
+            server = ThreadedEchoServer(CERTFILE)
+            server.__enter__()
+            self.addCleanup(server.__exit__, None, None)
+            s = socket.create_connection((HOST, server.port))
+            self.addCleanup(s.close)
+            s = ssl.wrap_socket(s, suppress_ragged_eofs=False)
+            self.addCleanup(s.close)
+
+            # recv/read(0) should return no data
+            s.send(b"data")
+            self.assertEqual(s.recv(0), b"")
+            self.assertEqual(s.read(0), b"")
+            self.assertEqual(s.read(), b"data")
+
+            # Should not block if the other end sends no data
+            s.setblocking(False)
+            self.assertEqual(s.recv(0), b"")
+            self.assertEqual(s.recv_into(bytearray()), 0)
+
         def test_handshake_timeout(self):
             # Issue #5103: SSL handshake must respect the socket timeout
             server = socket.socket(socket.AF_INET)
diff --git a/Misc/NEWS b/Misc/NEWS
index 9f5075c389..2622999016 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -17,6 +17,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #23804: Fix SSL zero-length recv() calls to not block and not raise
+  an error about unclean EOF.
+
 - Issue #27466: Change time format returned by http.cookie.time2netscape,
   confirming the netscape cookie format and making it consistent with
   documentation.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index def24c246b..4572751a85 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1702,6 +1702,10 @@ static PyObject *PySSL_SSLread(PySSLSocket *self, PyObject *args)
         dest = PyBytes_FromStringAndSize(NULL, len);
         if (dest == NULL)
             goto error;
+        if (len == 0) {
+            Py_XDECREF(sock);
+            return dest;
+        }
         mem = PyBytes_AS_STRING(dest);
     }
     else {
@@ -1714,6 +1718,10 @@ static PyObject *PySSL_SSLread(PySSLSocket *self, PyObject *args)
                                 "maximum length can't fit in a C 'int'");
                 goto error;
             }
+            if (len == 0) {
+                count = 0;
+                goto done;
+            }
         }
     }