[Pkg-openssl-devel] Bug#168201: Bug Not Found -- Incorrect Cause or More Info Required

Scott Schaefer saschaefer at neurodiverse.org
Tue May 3 23:35:13 UTC 2011


Based on my reading of the code, your SSL_xmit() routine never calls 
into the SSL library code if size==0.

While I appreciate your report that adding the lines ...
   if (size == 0)  // PTB fight new openssl bug
       return 0;

... "cured the problem", I believe you/someone will need to demonstrate 
how any SSL lib function is invoked in the code below, EVEN WITHOUT THE 
ADDED LINES.

Premise #1: There are only two SSL lib entry points:
     a) result = SSL_write(con, tbuf+off, len);
     b) result = SSL_read(con, tbuf+off, len);

Premise #2:
     Your SSL_xmit() is called from two places.  In both cases:
        con != 0
        size >= 0
     (Other constraints/assertions are not required in this discussion)

Premise #3:
     SSL_xmit() returns -1 if buf == 0, regardless of (other) inputs

     Thus, because size >= 0, len >= 0

Premise #5:
     SSL_xmit() initializes variables 'result', 'tot', and 'off' to zero.
     It also sets len = size.
     No other statements preceding 'while (len > 0) { ...' have any
     side effects.

     Thus, at while (len > 0) {, all of the following are true:
         result=0
         tot=0
         off=0
         len >= 0   /* because input size >= 0 */

Premise #6:
     If size==0, execution continues at end of while, identical to
     exit: label
     Since result=0, statement 'return result' is executed and function
     returns.

I am open to a demonstration that the above logic is flawed.

In the absence of such a demonstration, either something is missing from
your report, or the problem lies outside of SSL lib code.
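
The argument above can be checked mechanically by counting calls into stubbed library entry points. The following is an added example, not part of the original message and not the reporter's code: model_SSL_xmit(), the stubs, the `writing` flag and the loop body are assumptions built only from Premises #1 to #6.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the two library entry points of Premise #1.
 * They count calls and report the whole request as transferred. */
static int lib_calls;
static int stub_SSL_write(void *con, const char *p, int n) { (void)con; (void)p; lib_calls++; return n; }
static int stub_SSL_read(void *con, char *p, int n) { (void)con; (void)p; lib_calls++; return n; }

/* Hypothetical model of SSL_xmit(), built only from Premises #3, #5, #6.
 * The loop body is an assumption; the real body is not in the message. */
static int model_SSL_xmit(void *con, int writing, char *buf, int size)
{
    int result = 0, tot = 0, off = 0;   /* Premise #5 */
    int len = size;                     /* Premise #5 */

    if (buf == NULL)                    /* Premise #3 */
        return -1;
    while (len > 0) {                   /* never entered when size == 0 */
        result = writing ? stub_SSL_write(con, buf + off, len)
                         : stub_SSL_read(con, buf + off, len);
        if (result <= 0)
            goto exit;
        tot += result;
        off += result;
        len -= result;
    }
exit:
    (void)tot;
    return result;                      /* Premise #6: 0 when size == 0 */
}

/* Library calls made by one send plus one receive of `size` bytes
 * (con != 0, as in Premise #2). */
static int lib_calls_for_size(int size)
{
    char buf[64] = {0};
    int con = 1;
    lib_calls = 0;
    model_SSL_xmit(&con, 1, buf, size);
    model_SSL_xmit(&con, 0, buf, size);
    return lib_calls;
}

int main(void)
{
    printf("size=0:  %d library calls\n", lib_calls_for_size(0));
    printf("size=16: %d library calls\n", lib_calls_for_size(16));
    return 0;
}
```

The same counting-stub approach applies to the real SSL_xmit() source: link it against stubs in place of the library and confirm the counter stays at zero for size == 0.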





