From 0f0fac70a14fc489eab91888772073ed1259b633 Mon Sep 17 00:00:00 2001 From: Valentin Bartenev Date: Mon, 28 Jan 2013 15:40:25 +0000 Subject: [PATCH] SSL: avoid calling SSL_write() with zero data size. According to documentation, calling SSL_write() with num=0 bytes to be sent results in undefined behavior. We don't currently call ngx_ssl_send_chain() with empty chain and buffer. This check handles the case of a chain with total data size that is a multiple of NGX_SSL_BUFSIZE, and with the special buffer at the end. In practice such cases resulted in premature connection close and critical error "SSL_write() failed (SSL:)" in the error log. --- src/event/ngx_event_openssl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index c27dba91c..d288bc817 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1213,6 +1213,12 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) size = buf->last - buf->pos; + if (size == 0) { + buf->flush = 0; + c->buffered &= ~NGX_SSL_BUFFERED; + return in; + } + n = ngx_ssl_write(c, buf->pos, size); if (n == NGX_ERROR) {