From a165b66fc7e2bb58579ca6221f7161c06631dd31 Mon Sep 17 00:00:00 2001 From: Artem Boldariev Date: Thu, 14 Jul 2022 23:33:26 +0300 Subject: [PATCH] TLS: clear 'errno' when handling SSL status Sometimes tls_do_bio() might be called when there is no new data to process (most notably, when resuming reads), in such a case internal TLS session state will remain untouched and old value in 'errno' will alter the result of SSL_get_error() call, possibly making it to return SSL_ERROR_SYSCALL. This value will be treated as an error, and will lead to closing the connection, which is not what expected. --- lib/isc/netmgr/tlsstream.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c index a7cebd4669..fb5ce01219 100644 --- a/lib/isc/netmgr/tlsstream.c +++ b/lib/isc/netmgr/tlsstream.c @@ -497,6 +497,7 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data, } } } + errno = 0; tls_status = SSL_get_error(sock->tlsstream.tls, rv); saved_errno = errno;