From 6828a867a05987f67d2b187e3d4e140a4410a624 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 22 Aug 2015 14:20:53 +0000
Subject: Make tls_read()/tls_write always set outlen to zero on error - this
 got broken by r1.4.

Spotted by Marko Kreen.
---
 src/lib/libtls/tls.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 246e025e7a..4536bae183 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.12 2015/07/18 22:15:09 bluhm Exp $ */
+/* $OpenBSD: tls.c,v 1.13 2015/08/22 14:20:53 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -290,6 +290,8 @@ tls_read(struct tls *ctx, void *buf, size_t buflen, size_t *outlen)
 {
 	int ssl_ret;
 
+	*outlen = 0;
+
 	if (buflen > INT_MAX) {
 		tls_set_error(ctx, "buflen too long");
 		return (-1);
@@ -301,8 +303,6 @@ tls_read(struct tls *ctx, void *buf, size_t buflen, size_t *outlen)
 		return (0);
 	}
 
-	*outlen = 0;
-
 	return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read"); 
 }
 
@@ -311,6 +311,8 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen, size_t *outlen)
 {
 	int ssl_ret;
 
+	*outlen = 0;
+
 	if (buflen > INT_MAX) {
 		tls_set_error(ctx, "buflen too long");
 		return (-1);
@@ -322,8 +324,6 @@ tls_write(struct tls *ctx, const void *buf, size_t buflen, size_t *outlen)
 		return (0);
 	}
 
-	*outlen = 0;
-
 	return tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write"); 
 }
 
-- 
cgit v1.2.3-55-g6feb