From c11c725bb7f01311a314bce5c4840de4d1a02923 Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Mon, 31 Mar 2014 14:39:44 +0200
Subject: Close a server writer thread if SSL_write() fails. Also, don't try to write zero number of octets because OpenSSL might not like that. This is for figuring out more about how to treat SSL_write() errors, https://project.nordu.net/browse/RADSECPROXY-46.
---
 tls.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/tls.c b/tls.c
index 90c3dc9..28c3ec3 100644
--- a/tls.c
+++ b/tls.c
@@ -331,13 +331,27 @@ void *tlsserverwr(void *arg) {
 }
 reply = (struct request *)list_shift(replyq->entries);
 pthread_mutex_unlock(&replyq->mutex);
+ if (RADLEN(reply->replybuf) == 0) {
+ debug(DBG_ERR, "%s: refusing to write 0 octets to %s",
+ __func__, addr2string(client->addr));
+ freerq(reply);
+ continue;
+ }
 cnt = SSL_write(client->ssl, reply->replybuf, RADLEN(reply->replybuf));
 if (cnt > 0)
 debug(DBG_DBG, "tlsserverwr: sent %d bytes, Radius packet of length %d to %s",
 cnt, RADLEN(reply->replybuf), addr2string(client->addr));
- else
+ else {
 while ((error = ERR_get_error()))
 debug(DBG_ERR, "tlsserverwr: SSL: %s", ERR_error_string(error, NULL));
+ debug(DBG_ERR, "%s: unexpected SSL_write: ret=%d, error=%d "
+ "while talking to %s, closing connection",
+ __func__, cnt, SSL_get_error(client->ssl, cnt),
+ addr2string(client->addr));
+ freerq(reply);
+ ERR_remove_state(0);
+ pthread_exit(NULL);
+ }
 freerq(reply);
 }
 }
-- 
cgit v1.1
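Review bot: In the new `else` block, `SSL_get_error(client->ssl, cnt)` is evaluated only after the `while ((error = ERR_get_error()))` loop has emptied the thread's OpenSSL error queue. SSL_get_error() consults that queue, so the logged `error=` value may come out as SSL_ERROR_SYSCALL where it would otherwise have been SSL_ERROR_SSL, which undercuts the diagnostic purpose stated in the commit message. Capture the code first, e.g. `int sslerr = SSL_get_error(client->ssl, cnt);` as the first statement of the block, and pass `sslerr` to the new `debug()` call. Separately, `pthread_exit(NULL)` ends only this writer thread, and nothing visible in the hunk notifies the reader side or drains `replyq`. The rest of tlsserverwr and its caller lie outside the hunk, so it is worth confirming that an early writer exit cannot leave replies queueing for a dead connection.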