From: David Woodhouse Date: Tue, 21 May 2013 07:45:50 +0000 (+0100) Subject: Close HTTPS socket after various errors X-Git-Tag: v5.01~22 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=e178b2f28bf9483df3170591b6c96b278f98c534;p=users%2Fdwmw2%2Fopenconnect.git Close HTTPS socket after various errors This avoids leaving the socket in an unknown state. We were attempting to send a request with a stale or out-of-sync socket, and that would make the *next* request fail too, when it should have opened a new connection for itself. We should also make do_https_request() notice that and actually retry for itself when it fails to even *send* the request, if it was re-using an already open socket. But currently it doesn't *know* if it's re-using a socket so that'll require a little more work. Fixes Debian bug #708928: http://bugs.debian.org/708928 Signed-off-by: David Woodhouse
---
diff --git a/http.c b/http.c
index 98693543..02662999 100644
--- a/http.c
+++ b/http.c
@@ -197,6 +197,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 if (openconnect_SSL_gets(vpninfo, buf, sizeof(buf)) < 0) { vpn_progress(vpninfo, PRG_ERR, _("Error fetching HTTPS response\n"));
+ openconnect_close_https(vpninfo, 0);
 return -EINVAL; }
@@ -206,6 +207,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 if ((!closeconn && strncmp(buf, "HTTP/1.1 ", 9)) || !(*result = atoi(buf+9))) { vpn_progress(vpninfo, PRG_ERR, _("Failed to parse HTTP response '%s'\n"), buf);
+ openconnect_close_https(vpninfo, 0);
 return -EINVAL; }
@@ -219,6 +221,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 if (i < 0) { vpn_progress(vpninfo, PRG_ERR, _("Error processing HTTP response\n"));
+ openconnect_close_https(vpninfo, 0);
 return -EINVAL; } colon = strchr(buf, ':');
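Review bot: The same cleanup pair, `openconnect_close_https(vpninfo, 0); return -EINVAL;`, is pasted into every error return this commit touches (the hunks at -197, -206 and -219, and again at -296, -306, -333 and -404), so any error return in process_http_response() that these hunks do not show, or one added later, can still hand a half-read socket back for reuse. Most of the function body lies outside the hunks, so whether such a path exists today cannot be confirmed from this page. A single exit label would make the invariant hold by construction, e.g. `err: openconnect_close_https(vpninfo, 0); free(body); return ret;`, with each failure site setting `ret` and jumping to it. That assumes `body` is NULL until it is allocated, which is not visible here and should be checked.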
@@ -296,6 +299,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 vpn_progress(vpninfo, PRG_ERR, _("Response body has negative size (%d)\n"), bodylen);
+ openconnect_close_https(vpninfo, 0);
 return -EINVAL; } }
@@ -306,6 +310,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 vpn_progress(vpninfo, PRG_ERR, _("Unknown Transfer-Encoding: %s\n"), colon);
+ openconnect_close_https(vpninfo, 0);
 return -EINVAL; } }
@@ -333,6 +338,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 if (i < 0) { vpn_progress(vpninfo, PRG_ERR, _("Error reading HTTP response body\n"));
+ openconnect_close_https(vpninfo, 0);
 free(body); return -EINVAL; }
@@ -404,6 +410,7 @@ static int process_http_response(struct openconnect_info *vpninfo, int *result,
 } else if (i < 0) { /* Error */ free(body);
+ openconnect_close_https(vpninfo, 0);
 return i; } else { /* Connection closed. Reduce allocation to just what we need */
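Review bot: The two cleanup calls appear in opposite order in the -333 and -404 hunks: `openconnect_close_https(vpninfo, 0); free(body);` in the first and `free(body); openconnect_close_https(vpninfo, 0);` in the second. Neither order looks wrong from these lines, but using one order throughout makes a missing call easier to spot in review; for the -404 hunk that would be `openconnect_close_https(vpninfo, 0); free(body); return i;`. None of the new call sites says why the socket is dropped, so a comment on the first one would help, for example `/* Stream position is unknown after a failed read or parse; close so the next request opens a fresh connection. */`. Both branches belong to a function whose body extends beyond the hunks.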