From 6b0e9411ff0f0116d6f9118a870a682a17eea110 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 13 May 2019 10:53:19 -0400 Subject: [PATCH] Fix misuse of an integer as a bool. pgtls_read_pending is declared to return bool, but what the underlying SSL_pending function returns is a count of available bytes. This is actually somewhat harmless if we're using C99 bools, but in the back branches it's a live bug: if the available-bytes count happened to be a multiple of 256, it would get converted to a zero char value. On machines where char is signed, counts of 128 and up could misbehave as well. The net effect is that when using SSL, libpq might block waiting for data even though some has already been received. Broken by careless refactoring in commit 4e86f1b16, so back-patch to 9.5 where that came in. Per bug #15802 from David Binderman. Discussion: https://postgr.es/m/15802-f0911a97f0346526@postgresql.org --- src/interfaces/libpq/fe-misc.c | 2 +- src/interfaces/libpq/fe-secure-openssl.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/interfaces/libpq/fe-misc.c b/src/interfaces/libpq/fe-misc.c index 2a6637fdda3..14d042e220e 100644 --- a/src/interfaces/libpq/fe-misc.c +++ b/src/interfaces/libpq/fe-misc.c @@ -1057,7 +1057,7 @@ pqSocketCheck(PGconn *conn, int forRead, int forWrite, time_t end_time) #ifdef USE_SSL /* Check for SSL library buffering read bytes */ - if (forRead && conn->ssl_in_use && pgtls_read_pending(conn) > 0) + if (forRead && conn->ssl_in_use && pgtls_read_pending(conn)) { /* short-circuit the select */ return 1; diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index bbae8eff813..766d4a0b2ce 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -264,7 +264,7 @@ rloop: bool pgtls_read_pending(PGconn *conn) { - return SSL_pending(conn->ssl); + return SSL_pending(conn->ssl) > 0; } ssize_t