From 6f8c5ed00ef7ed01bd0a0659af34bb502fe8e49c Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@infradead.org>
Date: Wed, 6 Apr 2022 16:43:42 +0100
Subject: [PATCH] esp: Close socket on error

Previously we would just keep trying to read from it and consume all CPU.

Fixes: 389 (hopefully)

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---
 esp.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/esp.c b/esp.c
index d607a4e0..87efa438 100644
--- a/esp.c
+++ b/esp.c
@@ -169,8 +169,15 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout, int readable)
 		}
 		pkt = vpninfo->dtls_pkt;
 		len = recv(vpninfo->dtls_fd, (void *)&pkt->esp, len + sizeof(pkt->esp), 0);
-		if (len <= 0)
-			break;
+		if (len <= 0) {
+			if (!len || errno == EAGAIN || errno == EWOULDBLOCK)
+				break;
+
+			/* On *real* errors, close the UDP socket and try again later. */
+			vpn_perror(vpninfo, "ESP recv()");
+			vpninfo->proto->udp_close(vpninfo);
+			return 0;
+		}
 
 		work_done = 1;
 
-- 
2.50.1