Opened 4 years ago

Closed 3 years ago

Last modified 3 years ago

#16356 closed defect (fixed)

SSL SocketRead should retry on noErr

Reported by: hpk104 Owned by:
Milestone: Adium 1.5.11 Component: Adium Core
Version: 1.5.4 Severity: normal
Keywords: Cc:
Patch Status:



Sometimes calls to SocketRead return 0 bytes but with errno = 0. Those cases should be handled identically to EAGAIN but instead return a fatal error. This is causing issues with the SIPE plugin connecting to Office365 accounts (and possibly in other plugins?)

Steps to reproduce

With the SIPE plugin the only step needed to reproduce is to configure an Office365 account.

Expected results

Successful connection to server.

Actual results

Connection fails with:

(Libpurple: cdsa) receive failed (-9802): Undefined error: 0


Able to reproduce with Adium 1.5.x on OS 10.8.x; have not tried on earlier Adium or OSX builds.


Identical account configuration and plugin version work under Pidgin on Windows, Linux and Mac. Increasing the receive buffer (to minimize calls to read) also serves as a workaround but is not a true fix.

Change History (17)

comment:1 Changed 4 years ago by sphynx

This seems to make sense (I'm not very familiar with this code myself).

SocketRead checks if the result of read is <= 0, and handles errno == 0 and rrtn == 0 as a errSSLFatalAlert, while that seems to indicate "no data available right now" (why doesn't it set EAGAIN, though?).

comment:2 Changed 4 years ago by Thijs Alkemade <me@…>

  • Resolution set to fixed
  • Status changed from new to closed

(In ef796c40efb0) Fix a read returning 0 in the SocketRead callback for SSL being handled as an error, while it's meant to indicate "no data available".

This would cause disconnections with the error "(Libpurple: cdsa) receive failed (-9802): Undefined error: 0".

Fixes #16356, fixes #15405, fixes #15411, fixes #15741

comment:3 Changed 4 years ago by sbuxhofer


I've opened a new ticket for the sipe client #16402, since it is failing to sign into lync 2010 office 365 accounts using corporate adfs tls auth.

Let me know if you need additional logs or debugs from adium. I;ve attached debugs on the sipe ticket in sourceforge.


comment:4 Changed 3 years ago by Thijs Alkemade <me@…>

(In f8d2f42c499b) Backed out ef796c40efb0: the code can cause busy loops on disconnect, especially with XMPP servers (in particular when prompted to enter a password).

Reverting this change until we have found the exact cause.

Refs #16356, fixes #16431

comment:5 Changed 3 years ago by sphynx

  • Resolution fixed deleted
  • Status changed from closed to new

comment:6 Changed 3 years ago by sphynx

I'm having another look at this and I think the original request was wrong. man 2 read says:

If successful, the number of bytes actually read is returned. Upon reading end-of-file, zero is returned. Otherwise, a -1 is returned and the global variable errno is set to indicate the error.

Therefore, reading 0 bytes must imply the socket is closed, no matter if errno is 0 or EAGAIN. It's true that the code doesn't handle that properly, but the right thing to do when reading 0 bytes is to close the socket.

comment:7 Changed 3 years ago by Thijs Alkemade <me@…>

(In 9b4717820ead) We should not read errno when reading 0 bytes, because it is not set. The connection has been closed.

Refs #16356

comment:8 Changed 3 years ago by blentz

I am having this same issue on Mac OS X 10.9.3, Adium 1.5.10, and SIPE 1.18.1. I am told I managed to duplicate this over at #16773

comment:9 Changed 3 years ago by Robby

Ticket #16773 has been marked as a duplicate of this ticket.

comment:10 Changed 3 years ago by blentz

If I download the 1.5.10 source, and reverse the following changes, I am able to use the SIPE plugin again. However, Yahoo! is broken if I do this. It seems I can't have both.

Hopefully someone much smarter than I can make sense of this.

--- a/adium-1.5.10/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c	2014-05-19 14:29:31.000000000 -0400
+++ b/adium-1.5.10/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c	2014-05-23 21:01:29.000000000 -0400
@@ -230,10 +230,7 @@
     for(;;) {
         bytesRead = 0;
         rrtn = read(sock, currData, bytesToGo);
-		if (rrtn == 0) {
-			rtn = errSSLClosedGraceful;
-			break;
-		} else if (rrtn < 0) {
+		if (rrtn <= 0) {
             /* this is guesswork... */
             int theErr = errno;
             switch(theErr) {
@@ -244,6 +241,7 @@
                 case ECONNRESET:
                     rtn = errSSLClosedAbort;
+                case 0:
                 case EAGAIN:
                     rtn = errSSLWouldBlock;

Oh, and the same goes for the stuff 1.7hg code in mercurial. If I make these changes, I can break Yahoo! but fix SIPE for Lync on Office/365.

--- c/adium/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c	2014-05-23 19:28:05.000000000 -0400
+++ d/adium/Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c	2014-05-23 21:12:51.000000000 -0400
@@ -245,10 +245,7 @@
     for(;;) {
         bytesRead = read(sock, currData, bytesToGo);
-        if (bytesRead == 0) {
-              rtn = errSSLClosedGraceful;
-              break;
-            } else if ( bytesRead < 0 ) {
+        if (bytesRead <= 0) {
             /* this is guesswork... */
             int theErr = errno;
             switch(theErr) {

comment:11 Changed 3 years ago by Thijs Alkemade <me@…>

  • Resolution set to fixed
  • Status changed from new to closed

(In e9b20f65795c) I hope this is the proper fix to #16356: When any data has been read in the SocketRead for-loop, return noErr when we encounter an EOF. On the next call, it will return errSSLClosedGraceful.

This should fix an -9806 (errSSLClosedAbort) error in SIPE.

Fixes #16356

comment:12 Changed 3 years ago by Robby

  • Milestone changed from Adium 1.5.7 to Adium 1.5.11

comment:13 Changed 3 years ago by blentz

I've tested a couple different sets of patches for this issue and found success using the patches posted here:

Applying the hook patch to Adium and the activation in the SIPE plugin results in successful connections to both Lync and Yahoo! and their respective buggy SSL implementations.

I rebuilt both on my machine using the following (not sure why the Adium source doesn't build out of the box without a 'make clean' first, but that's OT and probably something I'm doing wrong). Works on Mac OS X 10.9.3, Adium 1.5.10, and SIPE 1.18.1 with the aforementioned patches.

curl -L "" | tar zxvf -
ln -s adium-1.5.10 adium
curl -L "" | tar zxvf -
cd adium-1.5.10/
curl -L "" | patch -p1
xcodebuild -project Adium.xcodeproj -configuration Release clean
xcodebuild -project Adium.xcodeproj -configuration Release
cd ../pidgin-sipe-1.18.1/src/adium
curl -L "" | patch -p3
xcodebuild -project SIPEAdiumPlugin.xcodeproj -configuration Release -scheme SIPEAdiumPlugin
open ../../../adium-1.5.10/build/Release/

comment:14 Changed 3 years ago by blentz

I have tried testing these patches against a Mac OS X 10.7.5 system. My girlfriend hasn't upgraded yet.

Sadly, I didn't realize there was no support for the SIPE plugin in 10.7 and there is no one maintaining a release for OS X 10.7 or Xcode 4.6… so I'm stuck.

I don't know anything about this code and I gather the fix is supposed to be easy but after several hours of troubleshooting, I'm giving up for the night.

I guess there is some code in use that was introduced in 10.8 and later which prevents us from building (or even moving binaries) to an 'old' 10.7 system. When building on 10.9.3 and moving the binaries to 10.7.5, the SIPE plugin doesn't load at all.

Here's what the build failures look like on 10.7.5 / Xcode 4.6.

I guess we're going to go back to Adium 1.5.9 and disable Yahoo! again… we have to support Lync for work.

/Users/blentz/Desktop/build/pidgin-sipe-1.18.1/src/adium/ESSIPEAccountViewController.m:93:17: error: expected method to read dictionary element not found on object of type 'NSDictionary *'
            if (conn_auth_dict[tmp_key])
/Users/blentz/Desktop/build/pidgin-sipe-1.18.1/src/adium/ESSIPEAccountViewController.m:94:23: error: expected method to read dictionary element not found on object of type 'NSDictionary *'
                tmp = conn_auth_dict[tmp_key];
/Users/blentz/Desktop/build/pidgin-sipe-1.18.1/src/adium/ESSIPEAccountViewController.m:131:29: error: expected method to read dictionary element not found on object of type 'NSDictionary *'
            NSString *tmp = conn_auth_dict[[[value selectedItem] title]];
3 errors generated.


comment:15 Changed 3 years ago by Thijs Alkemade <me@…>

(In 5a28350c3d82) Really fix #16356: After calling SSLRead, first check if any bytes have actually been processed. If that's true, then ignore any error that might have been returned. This actually matches the semantics of read. It feels weird to ignore errors, especially when dealing with TLS, but this seems to match the implementation of SSLRead.

comment:16 Changed 3 years ago by blentz

Here's what I've tried to get Yahoo! support working again on Mac OS X 10.7.5 since receiving this update today. On 10.7, I have Xcode 4.6.3.

  • Built the default branch from; examining Plugins/Purple Service/libpurple_extensions/ssl-cdsa.c, it doesn't appear that the 5a28350c3d82 patch came down with it; it built successfully but it doesn't run at all, crashes with:
Process:         Adium [3389]
Path:            /Users/USER/Desktop/*/
Identifier:      com.adiumX.adiumX
Version:         1.7hg (1.7hg)
Code Type:       X86-64 (Native)
Parent Process:  launchd [237]

Date/Time:       2014-06-03 16:32:10.329 -0400
OS Version:      Mac OS X 10.7.5 (11G63)
Report Version:  9

Interval Since Last Report:          36760 sec
Crashes Since Last Report:           10
Per-App Interval Since Last Report:  6 sec
Per-App Crashes Since Last Report:   3
Anonymous UUID:                      4CE1C048-FA8C-4FBB-BCE8-D3387DE354CB

Crashed Thread:  0  Dispatch queue:

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000

... if you're interested in the whole crash from the default branch build, let me know and I can attach it.

  • Downloaded the Adium 1.5.10 source, built it successfully, and it runs without crashing.
  • Next, I applied just this one patch using:
    curl -L | patch -p1

... which applied successfully, rebuilt successfully, and starts without crashing. However, connecting to Yahoo! still results in "Error: Error reading from Undefined error: 0"

  • Ran a make clean;make from the above directory; it still gives the same error.
  • Deleted the decompressed directory completely, and rebuilt with:
    rm -rf adium-1.5.10
    tar zxvf adium-1.5.10.tgz
    cd adium-1.5.10
    curl -sL | patch -p1
    open ./build/Release-Debug/

... also worked, but still gives "Error: Error reading from Undefined error: 0" when connecting to a Yahoo! account.

As far I can tell, there's either something I needed to have from 1.7hg to go with 5a28350c3d82 in order to make this work - something I can't do because 1.7hg just SIGABRTs - or the changes in 5a28350c3d82 don't fix the problem for 10.7.5.

I can test 5a28350c3d82 on my 10.9.3 system if that's a helpful data point, but I already have a fix for both Yahoo! and SIPE (which also broke with 1.5.10 - the aforementioned patches at that works great on Mac OS X 10.9.3.

Previously provided patches have corrected the issue connecting to the Yahoo! service but they only work on Mac OS X 10.9 and I believe I've read that they never work on anything prior. states "As of Adium 1.5, we support: 10.6.8 and newer" so hopefully there's still hope.

Thank you for your help thus far. Please let me know if there's anything else I can do.

comment:17 Changed 3 years ago by Robby

The recent changes relating to this ticket haven’t gone into the default branch but 1.5.10/1.5.11.

Note: See TracTickets for help on using tickets.