From cad8234b00c52ca1ec96f78158bc9a734fa73ec1 Mon Sep 17 00:00:00 2001 From: Kevin Hester Date: Thu, 30 May 2013 15:12:41 -0700 Subject: [PATCH] BUG: ssl: send payload gets corrupted if tune.ssl.maxrecord is used We were using "tune.ssl.maxrecord 2000" and discovered an interesting problem: SSL data sent from the server to the client showed occasional corruption of the payload data. The root cause was: When ssl_max_record is smaller than the requested send amount the ring buffer wrapping wasn't properly adjusting the number of bytes to send. I solved this by selecting the initial size based on the number of output bytes that can be sent without splitting _before_ checking against ssl_max_record. --- src/ssl_sock.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 38e95a851..a99fe3f92 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1318,15 +1318,11 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl * in which case we accept to do it once again. */ while (buf->o) { - try = buf->o; + try = bo_contig_data(buf); if (global.tune.ssl_max_record && try > global.tune.ssl_max_record) try = global.tune.ssl_max_record; - /* outgoing data may wrap at the end */ - if (buf->data + try > buf->p) - try = buf->data + try - buf->p; - ret = SSL_write(conn->xprt_ctx, bo_ptr(buf), try); if (conn->flags & CO_FL_ERROR) { /* CO_FL_ERROR may be set by ssl_sock_infocbk */
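Review bot: The new `try = bo_contig_data(buf);` line at the top of the `while (buf->o)` loop in ssl_sock_from_buf() carries no comment, and the removed "/* outgoing data may wrap at the end */" was the only note in this block saying that wrapping is handled at all. The fix depends on ordering: the contiguous length has to be taken first and the `global.tune.ssl_max_record` clamp applied afterwards, so that the clamp can only shrink a length that is already contiguous. Please add a short comment on the new line saying that `try` is limited to the non-wrapping part of the output data and that the max-record check must stay after it, so a later cleanup does not reorder the two. Separately, the loop still tests `buf->o` while `try` now comes from `bo_contig_data(buf)`; it is worth confirming, or stating in the comment, that the helper cannot return 0 while `buf->o` is non-zero, since `SSL_write()` would then be called with a zero length. The commit message names the configuration that triggered the corruption ("tune.ssl.maxrecord 2000"); a note on how it was reproduced would help anyone validating a backport.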