diff options
author | Mårten Nordheim <marten.nordheim@qt.io> | 2018-09-27 14:20:46 +0200 |
---|---|---|
committer | André Klitzing <aklitzing@gmail.com> | 2018-09-28 21:08:16 +0000 |
commit | ef4ba0285f9c5dd5ee2dca1e0cefee45eba3477c (patch) | |
tree | 8e58bf2832707e01f1fdfe998428f4a6b5a4fedc /src/network | |
parent | 3ed8dc37884bac67414c0840e27b5094a69cfdcd (diff) |
SSL: Don't write to closed socket or write to deallocated buffer
Change-Id: I061848ae570b382d640f8e46a1c54aeaeddbd77d
Fixes: QTBUG-61307
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index cecb4fb753..11f8a40199 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -675,7 +675,8 @@ void QSslSocketBackendPrivate::transmit() // Check if we've got any data to be written to the socket. QVarLengthArray<char, 4096> data; int pendingBytes; - while (plainSocket->isValid() && (pendingBytes = q_BIO_pending(writeBio)) > 0) { + while (plainSocket->isValid() && (pendingBytes = q_BIO_pending(writeBio)) > 0 + && plainSocket->openMode() != QIODevice::NotOpen) { // Read encrypted data from the write BIO into a buffer. data.resize(pendingBytes); int encryptedBytesRead = q_BIO_read(writeBio, data.data(), pendingBytes); @@ -760,6 +761,10 @@ void QSslSocketBackendPrivate::transmit() int readBytes = 0; const int bytesToRead = 4096; do { + if (readChannelCount == 0) { + // The read buffer is deallocated, don't try resize or write to it. + break; + } // Don't use SSL_pending(). It's very unreliable. readBytes = q_SSL_read(ssl, buffer.reserve(bytesToRead), bytesToRead); if (readBytes > 0) { |