Fix misuse of an integer as a bool.

pgtls_read_pending is declared to return bool, but what the underlying
SSL_pending function returns is a count of available bytes.

This is actually somewhat harmless if we're using C99 bools, but in
the back branches it's a live bug: if the available-bytes count happened
to be a multiple of 256, it would get converted to a zero char value.
On machines where char is signed, counts of 128 and up could misbehave
as well.  The net effect is that when using SSL, libpq might block
waiting for data even though some has already been received.

Broken by careless refactoring in commit 4e86f1b16, so back-patch
to 9.5 where that came in.

Per bug #15802 from David Binderman.

Discussion: https://postgr.es/m/15802-f0911a97f0346526@postgresql.org

diff --git a/src/interfaces/libpq/fe-misc.c b/src/interfaces/libpq/fe-misc.c
index 32da8ca4616b55dc7a8494b04a28afc8eddbeac7..7b3a34f3d65b2fd6b916192ca0e33c2fe810567f 100644 (file)
--- a/src/interfaces/libpq/fe-misc.c
+++ b/src/interfaces/libpq/fe-misc.c
@@ -1064,7 +1064,7 @@ pqSocketCheck(PGconn *conn, int forRead, int forWrite, time_t end_time)
 
 #ifdef USE_SSL
        /* Check for SSL library buffering read bytes */
-       if (forRead && conn->ssl_in_use && pgtls_read_pending(conn) > 0)
+       if (forRead && conn->ssl_in_use && pgtls_read_pending(conn))
        {
                /* short-circuit the select */
                return 1;

diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index cdb006409db0c5fc0ce9c45c68155c078ec2a26a..0f98ef6590ec780e3e2b19f308a881cfb715b028 100644 (file)
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -152,7 +152,7 @@ pgtls_open_client(PGconn *conn)
 bool
 pgtls_read_pending(PGconn *conn)
 {
-       return SSL_pending(conn->ssl);
+       return SSL_pending(conn->ssl) > 0;
 }
 
 /*