php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45382 [PATCH] timeout bug in stream_socket_enable_crypto
Submitted: 2008-06-27 19:11 UTC Modified: 2008-09-11 23:57 UTC
From: vnegrier at optilian dot com Assigned:
Status: Closed Package: OpenSSL related
PHP Version: 5.2.6 OS: linux 2.6
Private report: No CVE-ID:
 [2008-06-27 19:11 UTC] vnegrier at optilian dot com
Description:
------------
there's a bug in the stream_socket_enable_crypto() timeout test: the "timeout" var is only decremented when tve.sec and tvs.sec differ because (at least with gcc-4.3.1) "tv_usec / 1000000" is cast as int, leading to timeout inaccuracy, fix below :

--- xp_ssl.c.orig       2008-06-27 21:02:58.000000000 +0200
+++ xp_ssl.c    2008-06-27 21:03:07.000000000 +0200
@@ -418,7 +418,7 @@
                                n = SSL_connect(sslsock->ssl_handle);
                                gettimeofday(&tve, &tz);

-                               timeout -= (tve.tv_sec + tve.tv_usec / 1000000) - (tvs.tv_sec + tvs.tv_usec / 1000000);
+                               timeout -= (tve.tv_sec + (float)tve.tv_usec / 1000000) - (tvs.tv_sec + (float)tvs.tv_usec / 1000000);
                                if (timeout < 0) {
                                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL: connection timeout");
                                        return -1;



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-09-11 23:57 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 01:01:59 2014 UTC