ssl: Add input sanity check

Avoid puzzling behavior due to options being disregarded if they are not key value tuples.
bjorng · Mar 4, 2014 · 9358afe · 9358afe
1 parent a74e66a
commit 9358afe
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
@@ -557,6 +557,7 @@ do_connect(Address, Port,
 handle_options(Opts0, _Role) ->
     Opts = proplists:expand([{binary, [{mode, binary}]},
 			     {list, [{mode, list}]}], Opts0),
+    assert_proplist(Opts),
     ReuseSessionFun = fun(_, _, _, _) -> true end,
 
     DefaultVerifyNoneFun =
@@ -1042,3 +1043,10 @@ connection_sup(dtls_connection) ->
 binary_filename(FileName) ->
     Enc = file:native_name_encoding(),
     unicode:characters_to_binary(FileName, unicode, Enc).
+
+assert_proplist([]) ->
+    true;
+assert_proplist([{Key,_} | Rest]) when is_atom(Key) ->
+    assert_proplist(Rest);
+assert_proplist([Value | _]) ->
+    throw({option_not_a_key_value_tuple, Value}).
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -96,6 +96,7 @@ basic_tests() ->
 options_tests() ->
     [der_input,
      misc_ssl_options,
+     ssl_options_not_proplist,
      socket_options,
      invalid_inet_get_option,
      invalid_inet_get_option_not_list,
@@ -990,7 +991,7 @@ misc_ssl_options(Config) when is_list(Config) ->
     ServerOpts = ?config(server_opts, Config),
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
-    %% Chek that ssl options not tested elsewhere are filtered away e.i. not passed to inet.
+    %% Check that ssl options not tested elsewhere are filtered away e.i. not passed to inet.
     TestOpts = [{depth, 1}, 
 		{key, undefined}, 
 		{password, []},
@@ -1017,6 +1018,17 @@ misc_ssl_options(Config) when is_list(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
+%%--------------------------------------------------------------------
+ssl_options_not_proplist() ->
+    [{doc,"Test what happens if an option is not a key value tuple"}].
+
+ssl_options_not_proplist(Config) when is_list(Config) ->
+    BadOption =  {client_preferred_next_protocols, 
+		  client, [<<"spdy/3">>,<<"http/1.1">>], <<"http/1.1">>},
+    {option_not_a_key_value_tuple, BadOption} =
+	ssl:connect("twitter.com", 443, [binary, {active, false}, 
+					 BadOption]).
+
 %%--------------------------------------------------------------------
 versions() ->
     [{doc,"Test API function versions/0"}].