From 31889210b9fce939f4250bd55fc65817952f491a Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Thu, 9 Mar 2023 11:55:46 +0100
Subject: [PATCH] secure-transport: fix recv return code handling
Return code handling of recv calls were not always correct when an error occured or the connection was closed.
Closes #10717
---
 lib/vtls/sectransp.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index 8e9198f1aa..7f55fb5be7 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -3377,13 +3377,15 @@ static ssize_t sectransp_recv(struct Curl_cfilter *cf,
 DEBUGASSERT(backend);
 again:
+ *curlcode = CURLE_OK;
 err = SSLRead(backend->ssl_ctx, buf, buffersize, &processed);
 if(err != noErr) {
 switch(err) {
 case errSSLWouldBlock: /* return how much we read (if anything) */
- if(processed)
+ if(processed) {
 return (ssize_t)processed;
+ }
 *curlcode = CURLE_AGAIN;
 return -1L;
 break;
@@ -3395,7 +3397,7 @@ static ssize_t sectransp_recv(struct Curl_cfilter *cf,
 case errSSLClosedGraceful:
 case errSSLClosedNoNotify:
 *curlcode = CURLE_OK;
- return -1L;
+ return 0;
 break;
 /* The below is errSSLPeerAuthCompleted; it's not defined in
@@ -3406,8 +3408,10 @@ static ssize_t sectransp_recv(struct Curl_cfilter *cf,
 CURLcode result = verify_cert(cf, data, conn_config->CAfile, conn_config->ca_info_blob, backend->ssl_ctx);
- if(result)
- return result;
+ if(result) {
+ *curlcode = result;
+ return -1;
+ }
 }
 goto again;
 default:
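Review bot: The `errSSLClosedNoNotify` case in the second hunk now returns 0 with `CURLE_OK`, the same clean end-of-stream result as `errSSLClosedGraceful`, so a caller cannot tell a connection that ended without a TLS close_notify from an orderly shutdown. For a response whose length is delimited only by connection close, that makes a truncated stream indistinguishable from a complete one at this layer. If tolerating a missing close_notify is deliberate for interoperability, a comment on the case should say so, e.g. `/* no close_notify: treated as EOF; upper layers must validate message length */`. Separately, the `errSSLWouldBlock` branch in the first hunk returns `processed` when it is non-zero while this branch returns 0 without looking at it, so it is worth confirming that SSLRead never reports bytes together with a close status. The switch starts and ends outside the hunk.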
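Review bot: The `if(result)` branch in the third hunk would benefit from a one-line comment stating why the failure goes through `*curlcode`, for example `/* cert verification failed: report it as an error, never as a byte count */`. The removed lines returned the CURLcode itself from a function typed `ssize_t`, which a caller would have read as a length, and the comment guards against that pattern being reintroduced. As a style point, this branch uses `return -1;` while the `errSSLWouldBlock` branch in the first hunk keeps `return -1L;`; one spelling for the whole function would read more cleanly. The enclosing case and the function body start and end outside the hunk.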