From 3959469f240edb6c1f43976bbb72a0ba9105a6b1 Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Wed, 25 Sep 2019 15:03:09 -0700
Subject: Fix keyword argument separation issues in
 OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock

It's unlikely anyone would actually hit these.  The methods are
private, you only hit this code path if calling these methods
before performing the SSL connection, and there is already a
verbose warning issued.
---
 ext/openssl/ossl_ssl.c   | 17 +++++++++++++----
 test/openssl/test_ssl.rb | 15 +++++++++++++++
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 587ca2473f..64d7a84066 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1881,8 +1881,13 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
 	ID meth = nonblock ? rb_intern("read_nonblock") : rb_intern("sysread");
 
 	rb_warning("SSL session is not started yet.");
-	if (nonblock)
-	    return rb_funcall(io, meth, 3, len, str, opts);
+	if (nonblock) {
+            VALUE argv[3];
+            argv[0] = len;
+            argv[1] = str;
+            argv[2] = opts;
+            return rb_funcallv_kw(io, meth, 3, argv, RB_PASS_KEYWORDS);
+        }
 	else
 	    return rb_funcall(io, meth, 2, len, str);
     }
@@ -1972,8 +1977,12 @@ ossl_ssl_write_internal(VALUE self, VALUE str, VALUE opts)
 	    rb_intern("write_nonblock") : rb_intern("syswrite");
 
 	rb_warning("SSL session is not started yet.");
-	if (nonblock)
-	    return rb_funcall(io, meth, 2, str, opts);
+	if (nonblock) {
+            VALUE argv[2];
+            argv[0] = str;
+            argv[1] = opts;
+            return rb_funcallv_kw(io, meth, 2, argv, RB_PASS_KEYWORDS);
+        }
 	else
 	    return rb_funcall(io, meth, 1, str);
     }
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index dad9a43779..940bc135ed 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -155,6 +155,21 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
     }
   end
 
+  def test_sysread_nonblock_and_syswrite_nonblock_keywords
+    start_server(ignore_listener_error: true) do |port|
+      sock = TCPSocket.new("127.0.0.1", port)
+      ssl = OpenSSL::SSL::SSLSocket.new(sock)
+
+      assert_warn ("") do
+        ssl.send(:syswrite_nonblock, "1", exception: false)
+        ssl.send(:sysread_nonblock, 1, exception: false) rescue nil
+        ssl.send(:sysread_nonblock, 1, String.new, exception: false) rescue nil
+      end
+    ensure
+      sock&.close
+    end
+  end
+
   def test_sync_close
     start_server { |port|
       begin
-- 
cgit v1.2.3