From 1a7bd492d52c3b362b7009221cc6951f067f159f Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Fri, 9 Oct 2015 04:13:34 +0000
Subject: fix a gotcha in the connect refactoring, that could result in
 dropping through and trying to bind failed v6 connects. ok guenther

---
 src/lib/libtls/tls_client.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
index 68b0f32226..6bb24cd512 100644
--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.31 2015/10/08 20:13:45 guenther Exp $ */
+/* $OpenBSD: tls_client.c,v 1.32 2015/10/09 04:13:34 deraadt Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -118,6 +118,7 @@ tls_connect_servername(struct tls *ctx, const char *host, const char *port,
 	}
 
 	/* It was resolved somehow; now try connecting to what we got */
+	s = -1;
 	for (res = res0; res; res = res->ai_next) {
 		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
 		if (s == -1) {
@@ -135,6 +136,9 @@ tls_connect_servername(struct tls *ctx, const char *host, const char *port,
 	}
 	freeaddrinfo(res0);
 
+	if (s == -1)
+		goto err;
+
 	if (servername == NULL)
 		servername = h;
 
-- 
cgit v1.2.3-55-g6feb