From 667b6f13c78645eb82889150f4f37dd9ed38b192 Mon Sep 17 00:00:00 2001
From: "Jerry (Xinyu Hou)" <xinyu@synergy-project.org>
Date: Fri, 12 Jun 2015 18:03:28 -0700
Subject: [PATCH] Enforced secure socket rewrite on the same buffer address
 #4712

---
 src/lib/net/TCPSocket.cpp | 36 ++++++++++++++++++++++++++----------
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/src/lib/net/TCPSocket.cpp b/src/lib/net/TCPSocket.cpp
index 0be5876b..ab8d189b 100644
--- a/src/lib/net/TCPSocket.cpp
+++ b/src/lib/net/TCPSocket.cpp
@@ -469,33 +469,46 @@ TCPSocket::serviceConnected(ISocketMultiplexerJob* job,
 	}
 
 	bool needNewJob = false;
-	static UInt32 s_retryOutputBufferSize = 0;
+	
+	static bool s_retry = false;
+	static int s_retrySize = 0;
+	static void* s_staticBuffer = NULL;
 
 	if (write) {
 		try {
 			// write data
-			int buffSize = m_outputBuffer.getSize();
+			int bufferSize = 0;
 			int bytesWrote = 0;
 			int status = 0;
 
-			if (s_retryOutputBufferSize > 0) {
-				buffSize = s_retryOutputBufferSize;
+			if (s_retry) {
+				bufferSize = s_retrySize;
 			}
+			else {
+				bufferSize = m_outputBuffer.getSize();
+				s_staticBuffer = malloc(bufferSize);
+				memcpy(s_staticBuffer, m_outputBuffer.peek(bufferSize), bufferSize);
+ 			}
 
-			const void* buffer = m_outputBuffer.peek(buffSize);
+			if (bufferSize == 0) {
+				return job;
+			}
 
 			if (isSecure()) {
 				if (isSecureReady()) {
-					status = secureWrite(buffer, buffSize, bytesWrote);
+					status = secureWrite(s_staticBuffer, bufferSize, bytesWrote);
 					if (status > 0) {
-						s_retryOutputBufferSize = 0;
-
+						s_retry = false;
+						bufferSize = 0;
+						free(s_staticBuffer);
+						s_staticBuffer = NULL;
 					}
 					else if (status < 0) {
 						return NULL;
 					}
 					else if (status == 0) {
-						s_retryOutputBufferSize = buffSize;
+						s_retry = true;
+						s_retrySize = bufferSize;
 						return newJob();
 					}
 				}
@@ -504,7 +517,10 @@ TCPSocket::serviceConnected(ISocketMultiplexerJob* job,
 				}
 			}
 			else {
-				bytesWrote = (UInt32)ARCH->writeSocket(m_socket, buffer, buffSize);
+				bytesWrote = (UInt32)ARCH->writeSocket(m_socket, s_staticBuffer, bufferSize);
+				bufferSize = 0;
+				free(s_staticBuffer);
+				s_staticBuffer = NULL;
 			}
 
 			// discard written data