From: Kevin Hester Date: Thu, 30 May 2013 22:12:41 +0000 (-0700) Subject: BUG: ssl: send payload gets corrupted if tune.ssl.maxrecord is used X-Git-Tag: v1.5-dev19~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cad8234b00c52ca1ec96f78158bc9a734fa73ec1;p=thirdparty%2Fhaproxy.git BUG: ssl: send payload gets corrupted if tune.ssl.maxrecord is used We were using "tune.ssl.maxrecord 2000" and discovered an interesting problem: SSL data sent from the server to the client showed occasional corruption of the payload data. The root cause was: When ssl_max_record is smaller than the requested send amount the ring buffer wrapping wasn't properly adjusting the number of bytes to send. I solved this by selecting the initial size based on the number of output bytes that can be sent without splitting _before_ checking against ssl_max_record. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 38e95a8515..a99fe3f921 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1318,15 +1318,11 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl * in which case we accept to do it once again. */ while (buf->o) { - try = buf->o; + try = bo_contig_data(buf); if (global.tune.ssl_max_record && try > global.tune.ssl_max_record) try = global.tune.ssl_max_record; - /* outgoing data may wrap at the end */ - if (buf->data + try > buf->p) - try = buf->data + try - buf->p; - ret = SSL_write(conn->xprt_ctx, bo_ptr(buf), try); if (conn->flags & CO_FL_ERROR) { /* CO_FL_ERROR may be set by ssl_sock_infocbk */
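Review bot: the ordering in the rewritten loop is the whole fix (contiguous output size first, ssl_max_record clamp second), but with the `/* outgoing data may wrap at the end */` comment removed nothing in the hunk says so; suggest a short comment above `try = bo_contig_data(buf);`, e.g. `/* only send the contiguous part of the output area; the max record clamp below must come after this */`, so a later change does not reorder the two statements and reintroduce the bug. It would also help to record in the comment why the removed form was wrong: `buf->data + try - buf->p` only equals the contiguous tail length when `try == buf->o`, so once `try` had been clamped to `global.tune.ssl_max_record` the wrap test could fire spuriously and hand `SSL_write` a length that did not match the bytes at `bo_ptr(buf)`, which is the payload corruption the commit message describes.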