[openssl] OpenSSL_1_1_1-stable update

Richard Levitte levitte at openssl.org
Thu Aug 22 12:48:27 UTC 2019

The branch OpenSSL_1_1_1-stable has been updated
       via  8be96f236969caabf303bec389a2f812b4869c1c (commit)
      from  378d53ec4d2027b6f797198eebca5e50d42959d4 (commit)

- Log -----------------------------------------------------------------
commit 8be96f236969caabf303bec389a2f812b4869c1c
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Aug 22 13:34:16 2019 +0200

    openssl dgst, openssl enc: check for end of input
    The input reading loop in 'openssl dgst' and 'openssl enc' doesn't
    check for end of input, and because of the way BIO works, it thereby
    won't detect that the end is reached before the read is an error.
    With the FILE BIO, an error occurs when trying to read past EOF, which
    is fairly much ok, except when the command is used interactively, at
    least on Unix.  The result in that case is that the user has to press
    Ctrl-D twice for the command to terminate.
    The issue is further complicated because both these commands use
    filter BIOs on top of the FILE BIO, so a naïve attempt to check
    BIO_eof() doesn't quite solve it, since that only checks the state of
    the source/sink BIO, and the filter BIO may have some buffered data
    that still needs to be read.  Fortunately, there's BIO_pending() that
    checks exactly that, if any filter BIO has pending data that needs to
    be processed.
    We end up having to check both BIO_pending() and BIO_eof().
    Thanks to Zsigmond Lőrinczy for the initial effort and inspiration.
    Fixes #9355
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/9668)
    (cherry picked from commit 8ed7bbb411d2a9e0edef928958ad955e0be3d6dd)


Summary of changes:
 apps/dgst.c | 2 +-
 apps/enc.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/dgst.c b/apps/dgst.c
index d158a0ccb2..6e86fa410a 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -421,7 +421,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
     size_t len;
     int i;
-    for (;;) {
+    while (BIO_pending(bp) || !BIO_eof(bp)) {
         i = BIO_read(bp, (char *)buf, BUFSIZE);
         if (i < 0) {
             BIO_printf(bio_err, "Read Error in %s\n", file);
diff --git a/apps/enc.c b/apps/enc.c
index de33e57a5f..d1772f3eb9 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -586,7 +586,7 @@ int enc_main(int argc, char **argv)
     if (benc != NULL)
         wbio = BIO_push(benc, wbio);
-    for (;;) {
+    while (BIO_pending(rbio) || !BIO_eof(rbio)) {
         inl = BIO_read(rbio, (char *)buff, bsize);
         if (inl <= 0)

More information about the openssl-commits mailing list