Merge branch 'raimo/ssl/non_neg_integer-length/GH-7507/OTP-18700' int…

…o maint-25 * raimo/ssl/non_neg_integer-length/GH-7507/OTP-18700: Guard against negative Length
erlang · Sep 7, 2023 · fe8f628 · fe8f628
2 parents 5cb360d + 3936858
commit fe8f628
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
@@ -870,7 +870,7 @@ send(#sslsocket{pid = {ListenSocket, #config{transport_info = Info}}}, Data) ->
 %%--------------------------------------------------------------------
 -spec recv(SslSocket, Length) -> {ok, Data} | {error, reason()} when
       SslSocket :: sslsocket(),
-      Length :: integer(),
+      Length :: non_neg_integer(),
       Data :: binary() | list() | HttpPacket,
       HttpPacket :: any().
 
@@ -879,13 +879,15 @@ recv(Socket, Length) ->
 
 -spec recv(SslSocket, Length, Timeout) -> {ok, Data} | {error, reason()} when
       SslSocket :: sslsocket(),
-      Length :: integer(),
+      Length :: non_neg_integer(),
       Data :: binary() | list() | HttpPacket,
       Timeout :: timeout(),
       HttpPacket :: any().
 
-recv(#sslsocket{pid = [Pid|_]}, Length, Timeout) when is_pid(Pid),
-						  (is_integer(Timeout) andalso Timeout >= 0) or (Timeout == infinity)->
+recv(#sslsocket{pid = [Pid|_]}, Length, Timeout)
+  when is_pid(Pid) andalso
+       (is_integer(Length) andalso Length >= 0) andalso
+       ((is_integer(Timeout) andalso Timeout >= 0) orelse Timeout == infinity) ->
     ssl_gen_statem:recv(Pid, Length, Timeout);
 recv(#sslsocket{pid = {dtls,_}}, _, _) ->
     {error,enotconn};

diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl
@@ -2870,6 +2870,10 @@ controlling_process_result(Socket, Pid, Msg) ->
 controller_dies_result(_Socket, _Pid, _Msg) ->
     receive Result -> Result end.
 send_recv_result_timeout_client(Socket) ->
+    try ssl:recv(Socket, 11, not_infinity) catch error : function_clause -> ok end,
+    try ssl:recv(Socket, 11, -1) catch error : function_clause -> ok end,
+    try ssl:recv(Socket, not_integer, 500) catch error : function_clause -> ok end,
+    try ssl:recv(Socket, -1, 500) catch error : function_clause -> ok end,
     {error, timeout} = ssl:recv(Socket, 11, 500),
     {error, timeout} = ssl:recv(Socket, 11, 0),
     ssl:send(Socket, "Hello world"),