search

noxxi / p5-io-socket-ssl

IO::Socket::SSL Perl Module
36 stars 60 forks source link

operator precedence error in IO::Socket::SSL::SSL_Context->new #155

Closed mauke closed 4 months ago

mauke commented 4 months ago

Yesterday's 2.087 release contains an unfortunate bug:

$ perl -we 'use IO::Socket::SSL'
Possible precedence issue with control flow operator (return) at /home/mauke/perl5/perlbrew/perls/perl-5.40.0/lib/site_perl/5.40.0/IO/Socket/SSL.pm line 2599.

This is caused by the following code:

            return $psk->{$identity} || $psk->{''} or return
                IO::Socket::SSL->_internal_error(
                "no PSK for given identity '$identity' and no default");

or has lower precedence than return, so this parses as (return $psk->{$identity} || $psk->{''}) or ..., but the ... part is unreachable (because return never returns).

It should probably be

            return $psk->{$identity} || $psk->{''} ||
                IO::Socket::SSL->_internal_error(
                "no PSK for given identity '$identity' and no default");

instead.

(This bug is normally invisible/silent because IO::Socket::SSL doesn't use warnings (in an attempt to stay compatible with 5.005?). But if the -w command-line switch is used, it switches on default warnings in all code that doesn't use warnings explicitly, including modules.)

noxxi commented 4 months ago

Thanks for pointing out the problem. It is fixed in 80315ed1