Overview

File 0810-Guard-against-negative-Length.patch of Package erlang

From 39368582c94d8978b9c30d65e8441fb38c6e7016 Mon Sep 17 00:00:00 2001
From: Raimo Niskanen <raimo@erlang.org>
Date: Wed, 2 Aug 2023 14:13:22 +0200
Subject: [PATCH] Guard against negative Length

---
 lib/ssl/src/ssl.erl            | 10 ++++++----
 lib/ssl/test/ssl_api_SUITE.erl |  4 ++++
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index ad5028655d..9af1c60074 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -870,7 +870,7 @@ send(#sslsocket{pid = {ListenSocket, #config{transport_info = Info}}}, Data) ->
 %%--------------------------------------------------------------------
 -spec recv(SslSocket, Length) -> {ok, Data} | {error, reason()} when
       SslSocket :: sslsocket(),
-      Length :: integer(),
+      Length :: non_neg_integer(),
       Data :: binary() | list() | HttpPacket,
       HttpPacket :: any().
 
@@ -879,13 +879,15 @@ recv(Socket, Length) ->
 
 -spec recv(SslSocket, Length, Timeout) -> {ok, Data} | {error, reason()} when
       SslSocket :: sslsocket(),
-      Length :: integer(),
+      Length :: non_neg_integer(),
       Data :: binary() | list() | HttpPacket,
       Timeout :: timeout(),
       HttpPacket :: any().
 
-recv(#sslsocket{pid = [Pid|_]}, Length, Timeout) when is_pid(Pid),
-						  (is_integer(Timeout) andalso Timeout >= 0) or (Timeout == infinity)->
+recv(#sslsocket{pid = [Pid|_]}, Length, Timeout)
+  when is_pid(Pid) andalso
+       (is_integer(Length) andalso Length >= 0) andalso
+       ((is_integer(Timeout) andalso Timeout >= 0) orelse Timeout == infinity) ->
     ssl_gen_statem:recv(Pid, Length, Timeout);
 recv(#sslsocket{pid = {dtls,_}}, _, _) ->
     {error,enotconn};
diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl
index fc56323afd..878d4bc231 100644
--- a/lib/ssl/test/ssl_api_SUITE.erl
+++ b/lib/ssl/test/ssl_api_SUITE.erl
@@ -2868,6 +2868,10 @@ controlling_process_result(Socket, Pid, Msg) ->
 controller_dies_result(_Socket, _Pid, _Msg) ->
     receive Result -> Result end.
 send_recv_result_timeout_client(Socket) ->
+    try ssl:recv(Socket, 11, not_infinity) catch error : function_clause -> ok end,
+    try ssl:recv(Socket, 11, -1) catch error : function_clause -> ok end,
+    try ssl:recv(Socket, not_integer, 500) catch error : function_clause -> ok end,
+    try ssl:recv(Socket, -1, 500) catch error : function_clause -> ok end,
     {error, timeout} = ssl:recv(Socket, 11, 500),
     {error, timeout} = ssl:recv(Socket, 11, 0),
     ssl:send(Socket, "Hello world"),
-- 
2.35.3
openSUSE Build Service is sponsored by
Places