Close HTTPS socket after various errors
authorDavid Woodhouse <David.Woodhouse@intel.com>
Tue, 21 May 2013 07:45:50 +0000 (08:45 +0100)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Tue, 21 May 2013 07:45:50 +0000 (08:45 +0100)
This avoids leaving the socket in an unknown state. We were attempting to
send a request with a stale or out-of-sync socket, and that would make
the *next* request fail too, when it should have opened a new connection
for itself.

We should also make do_https_request() notice that and actually retry for
itself when it fails to even *send* the request, if it was re-using an
already open socket. But currently it doesn't *know* if it's re-using a
socket so that'll require a little more work.

Fixes Debian bug #708928: http://bugs.debian.org/708928

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
http.c

diff --git a/http.c b/http.c
index 98693543f394cc929a0780724515dd33dd84d96b..02662999f3fc04ae6185d888b65d895e74a4301f 100644 (file)
--- a/http.c
+++ b/http.c
@@ -197,6 +197,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
        if (openconnect_SSL_gets(vpninfo, buf, sizeof(buf)) < 0) {
                vpn_progress(vpninfo, PRG_ERR,
                             _("Error fetching HTTPS response\n"));
+               openconnect_close_https(vpninfo, 0);
                return -EINVAL;
        }
 
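Review bot: The call `openconnect_close_https(vpninfo, 0);` is pasted into seven separate error returns of process_http_response() (this hunk and those at -206, -219, -296, -306, -333 and -404), so an error return that is outside these hunks, or is added later, could still leave an out-of-sync socket for the next request to reuse. A single exit path would make the rule hard to miss: each failure sets `ret = -EINVAL; goto err;` and the label does `err: openconnect_close_https(vpninfo, 0); free(body); return ret;`. That would also settle the close/free order, which currently differs between the -333 and -404 hunks. This assumes `body` is declared and NULL-initialised before the first jump, which is not visible here, since the function starts and ends outside the hunk. If the duplicated calls stay, a comment at the top of the function such as `/* Every error return closes the HTTPS socket; a failed exchange must never be reused. */` would record the invariant.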
@@ -206,6 +207,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
        if ((!closeconn && strncmp(buf, "HTTP/1.1 ", 9)) || !(*result = atoi(buf+9))) {
                vpn_progress(vpninfo, PRG_ERR,
                             _("Failed to parse HTTP response '%s'\n"), buf);
+               openconnect_close_https(vpninfo, 0);
                return -EINVAL;
        }
 
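Review bot: When `closeconn` is nonzero, the `strncmp(buf, "HTTP/1.1 ", 9)` test in this condition is skipped, so `atoi(buf+9)` runs on a status line whose first nine bytes were not checked here. Unless code outside this hunk guarantees the line is at least nine bytes long whenever `closeconn` is set, a short line from the peer would make `atoi` read past the terminator into whatever the buffer held before. A cheap guard is `if (strlen(buf) < 9 || (!closeconn && strncmp(buf, "HTTP/1.1 ", 9)) || !(*result = atoi(buf+9)))`. `atoi` also reports no conversion errors, so `strtol` with an end-pointer check would reject a status field with trailing junk. The enclosing function starts and ends outside the hunk.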
@@ -219,6 +221,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
                if (i < 0) {
                        vpn_progress(vpninfo, PRG_ERR,
                                     _("Error processing HTTP response\n"));
+                       openconnect_close_https(vpninfo, 0);
                        return -EINVAL;
                }
                colon = strchr(buf, ':');
@@ -296,6 +299,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
                                vpn_progress(vpninfo, PRG_ERR,
                                             _("Response body has negative size (%d)\n"),
                                             bodylen);
+                               openconnect_close_https(vpninfo, 0);
                                return -EINVAL;
                        }
                }
@@ -306,6 +310,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
                                vpn_progress(vpninfo, PRG_ERR,
                                             _("Unknown Transfer-Encoding: %s\n"),
                                             colon);
+                               openconnect_close_https(vpninfo, 0);
                                return -EINVAL;
                        }
                }
@@ -333,6 +338,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
                        if (i < 0) {
                                vpn_progress(vpninfo, PRG_ERR,
                                             _("Error reading HTTP response body\n"));
+                               openconnect_close_https(vpninfo, 0);
                                free(body);
                                return -EINVAL;
                        }
@@ -404,6 +410,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
                        } else if (i < 0) {
                                /* Error */
                                free(body);
+                               openconnect_close_https(vpninfo, 0);
                                return i;
                        } else {
                                /* Connection closed. Reduce allocation to just what we need */