always clear errno when coming back from tls_read tls_write, and tls_close.

this avoids the problem of people checking for return values < 0 and then checking for errno before checking for TLS_READ_AGAIN TLS_WRITE_AGAIN - since we can not guarantee what errno will be set to from the underlying library calls
author: beck <> 2015-09-09 18:22:33 +0000
committer: beck <> 2015-09-09 18:22:33 +0000
commit: 4a79aa2cb1398f29f4fe23724a6ad3e4ba8e3b94 (patch)
tree: 8f59b1bd1832cc9c1d0447bfda4b559c539e960a
parent: f9cb24a08622ed7f37536966cc1eacafe67ae84e (diff)
download: openbsd-4a79aa2cb1398f29f4fe23724a6ad3e4ba8e3b94.tar.gz
openbsd-4a79aa2cb1398f29f4fe23724a6ad3e4ba8e3b94.tar.bz2
openbsd-4a79aa2cb1398f29f4fe23724a6ad3e4ba8e3b94.zip
1 files changed, 20 insertions, 9 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index c7e36a8181..db14d3fc7d 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.16 2015/09/09 17:43:42 beck Exp $ */
+/* $OpenBSD: tls.c,v 1.17 2015/09/09 18:22:33 beck Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -332,42 +332,52 @@ int
 tls_read(struct tls *ctx, void *buf, size_t buflen, size_t *outlen)
 {
        int ssl_ret;
+        int rv = -1;
        *outlen = 0;
        if (buflen > INT_MAX) {
                tls_set_errorx(ctx, "buflen too long");
-                return (-1);
+                goto out;
        }
        ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen);
        if (ssl_ret > 0) {
                *outlen = (size_t)ssl_ret;
-                return (0);
+                rv = 0;
+                goto out;
        }
-        return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
+        rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
+ out:
+        errno = 0;
+        return (rv);
 }
 int
 tls_write(struct tls *ctx, const void *buf, size_t buflen, size_t *outlen)
 {
        int ssl_ret;
+        int rv = -1;
        *outlen = 0;
        if (buflen > INT_MAX) {
                tls_set_errorx(ctx, "buflen too long");
-                return (-1);
+                goto out;
        }
        ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen);
        if (ssl_ret > 0) {
                *outlen = (size_t)ssl_ret;
-                return (0);
+                rv = 0;
+                goto out;
        }
-        return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
+        rv =  tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
+ out:
+        errno = 0;
+        return (rv);
 }
 int
@@ -382,7 +392,7 @@ tls_close(struct tls *ctx)
                        rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
                            "shutdown");
                        if (rv == TLS_READ_AGAIN || rv == TLS_WRITE_AGAIN)
-                                return (rv);
+                                goto out;
                }
        }
@@ -402,6 +412,7 @@ tls_close(struct tls *ctx)
                }
                ctx->socket = -1;
        }
+ out:
+        errno = 0;
        return (rv);
 }
author	beck <>	2015-09-09 18:22:33 +0000
committer	beck <>	2015-09-09 18:22:33 +0000
commit	4a79aa2cb1398f29f4fe23724a6ad3e4ba8e3b94 (patch)
tree	8f59b1bd1832cc9c1d0447bfda4b559c539e960a
parent	f9cb24a08622ed7f37536966cc1eacafe67ae84e (diff)
download	openbsd-4a79aa2cb1398f29f4fe23724a6ad3e4ba8e3b94.tar.gz openbsd-4a79aa2cb1398f29f4fe23724a6ad3e4ba8e3b94.tar.bz2 openbsd-4a79aa2cb1398f29f4fe23724a6ad3e4ba8e3b94.zip

diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index c7e36a8181..db14d3fc7d 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls.c,v 1.16 2015/09/09 17:43:42 beck Exp $ */	1	/* $OpenBSD: tls.c,v 1.17 2015/09/09 18:22:33 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -332,42 +332,52 @@ int
332	tls_read(struct tls ctx, void buf, size_t buflen, size_t *outlen)	332	tls_read(struct tls ctx, void buf, size_t buflen, size_t *outlen)
333	{	333	{
334	int ssl_ret;	334	int ssl_ret;
		335	int rv = -1;
335		336
336	*outlen = 0;	337	*outlen = 0;
337		338
338	if (buflen > INT_MAX) {	339	if (buflen > INT_MAX) {
339	tls_set_errorx(ctx, "buflen too long");	340	tls_set_errorx(ctx, "buflen too long");
340	return (-1);	341	goto out;
341	}	342	}
342		343
343	ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen);	344	ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen);
344	if (ssl_ret > 0) {	345	if (ssl_ret > 0) {
345	*outlen = (size_t)ssl_ret;	346	*outlen = (size_t)ssl_ret;
346	return (0);	347	rv = 0;
		348	goto out;
347	}	349	}
348		350
349	return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");	351	rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
		352	out:
		353	errno = 0;
		354	return (rv);
350	}	355	}
351		356
352	int	357	int
353	tls_write(struct tls ctx, const void buf, size_t buflen, size_t *outlen)	358	tls_write(struct tls ctx, const void buf, size_t buflen, size_t *outlen)
354	{	359	{
355	int ssl_ret;	360	int ssl_ret;
		361	int rv = -1;
356		362
357	*outlen = 0;	363	*outlen = 0;
358		364
359	if (buflen > INT_MAX) {	365	if (buflen > INT_MAX) {
360	tls_set_errorx(ctx, "buflen too long");	366	tls_set_errorx(ctx, "buflen too long");
361	return (-1);	367	goto out;
362	}	368	}
363		369
364	ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen);	370	ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen);
365	if (ssl_ret > 0) {	371	if (ssl_ret > 0) {
366	*outlen = (size_t)ssl_ret;	372	*outlen = (size_t)ssl_ret;
367	return (0);	373	rv = 0;
		374	goto out;
368	}	375	}
369		376
370	return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");	377	rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
		378	out:
		379	errno = 0;
		380	return (rv);
371	}	381	}
372		382
373	int	383	int
@@ -382,7 +392,7 @@ tls_close(struct tls *ctx)
382	rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,	392	rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
383	"shutdown");	393	"shutdown");
384	if (rv == TLS_READ_AGAIN \|\| rv == TLS_WRITE_AGAIN)	394	if (rv == TLS_READ_AGAIN \|\| rv == TLS_WRITE_AGAIN)
385	return (rv);	395	goto out;
386	}	396	}
387	}	397	}
388		398
@@ -402,6 +412,7 @@ tls_close(struct tls *ctx)
402	}	412	}
403	ctx->socket = -1;	413	ctx->socket = -1;
404	}	414	}
405		415	out:
		416	errno = 0;
406	return (rv);	417	return (rv);
407	}	418	}