From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 20 Sep 2025 12:29:44 +0000 (+0200)
Subject: socks: make Curl_blockread_all return CURLcode
X-Git-Tag: rc-8_17_0-1~320
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2a5da01e422f0853a2ea3764cde5fa08189d5b91;p=thirdparty%2Fcurl.git

socks: make Curl_blockread_all return CURLcode

Reported in Joshua's sarif data

Closes #18635
---

diff --git a/lib/socks.c b/lib/socks.c
index fc6c9730f8..4cb8619d7b 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -98,14 +98,14 @@ struct socks_state {
  *
  * This is STUPID BLOCKING behavior. Only used by the SOCKS GSSAPI functions.
  */
-int Curl_blockread_all(struct Curl_cfilter *cf,
-                       struct Curl_easy *data,   /* transfer */
-                       char *buf,                /* store read data here */
-                       size_t blen,              /* space in buf */
-                       size_t *pnread)           /* amount bytes read */
+CURLcode Curl_blockread_all(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            char *buf,             /* store read data here */
+                            size_t blen,           /* space in buf */
+                            size_t *pnread)        /* amount bytes read */
 {
   size_t nread = 0;
-  CURLcode err;
+  CURLcode result;
 
   *pnread = 0;
   for(;;) {
@@ -116,21 +116,20 @@ int Curl_blockread_all(struct Curl_cfilter *cf,
     }
     if(!timeout_ms)
       timeout_ms = TIMEDIFF_T_MAX;
-    if(SOCKET_READABLE(cf->conn->sock[cf->sockindex], timeout_ms) <= 0) {
-      return ~CURLE_OK;
-    }
-    err = Curl_conn_cf_recv(cf->next, data, buf, blen, &nread);
-    if(CURLE_AGAIN == err)
+    if(SOCKET_READABLE(cf->conn->sock[cf->sockindex], timeout_ms) <= 0)
+      return CURLE_OPERATION_TIMEDOUT;
+    result = Curl_conn_cf_recv(cf->next, data, buf, blen, &nread);
+    if(CURLE_AGAIN == result)
       continue;
-    else if(err)
-      return (int)err;
+    else if(result)
+      return result;
 
     if(blen == nread) {
       *pnread += nread;
       return CURLE_OK;
     }
     if(!nread) /* EOF */
-      return ~CURLE_OK;
+      return CURLE_RECV_ERROR;
 
     buf += nread;
     blen -= nread;
diff --git a/lib/socks.h b/lib/socks.h
index d60796316f..f76bddc5f4 100644
--- a/lib/socks.h
+++ b/lib/socks.h
@@ -37,11 +37,11 @@
  *
  * This is STUPID BLOCKING behavior
  */
-int Curl_blockread_all(struct Curl_cfilter *cf,
-                       struct Curl_easy *data,
-                       char *buf,
-                       size_t blen,
-                       size_t *pnread);
+CURLcode Curl_blockread_all(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            char *buf,
+                            size_t blen,
+                            size_t *pnread);
 
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
 /*
diff --git a/lib/socks_sspi.c b/lib/socks_sspi.c
index 7af0b081e2..6afc3eac34 100644
--- a/lib/socks_sspi.c
+++ b/lib/socks_sspi.c
@@ -72,7 +72,6 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
   size_t actualread;
   size_t written;
   CURLcode result;
-  int err;
   /* Needs GSS-API authentication */
   SECURITY_STATUS status;
   unsigned long sspi_ret_flags = 0;
@@ -237,10 +236,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
      * +----+------+-----+----------------+
      */
 
-    err = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
-    if(err || (actualread != 4)) {
+    result = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
+    if(result || (actualread != 4)) {
       failf(data, "Failed to receive SSPI authentication response.");
-      result = CURLE_COULDNT_CONNECT;
+      if(!result)
+        result = CURLE_COULDNT_CONNECT;
       goto error;
     }
 
@@ -269,12 +269,13 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
       result = CURLE_OUT_OF_MEMORY;
       goto error;
     }
-    err = Curl_blockread_all(cf, data, (char *)sspi_recv_token.pvBuffer,
-                             sspi_recv_token.cbBuffer, &actualread);
+    result = Curl_blockread_all(cf, data, (char *)sspi_recv_token.pvBuffer,
+                                sspi_recv_token.cbBuffer, &actualread);
 
-    if(err || (actualread != us_length)) {
+    if(result || (actualread != us_length)) {
       failf(data, "Failed to receive SSPI authentication token.");
-      result = CURLE_COULDNT_CONNECT;
+      if(!result)
+        result = CURLE_COULDNT_CONNECT;
       goto error;
     }
 
@@ -453,10 +454,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
     Curl_safefree(etbuf);
   }
 
-  err = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
-  if(err || (actualread != 4)) {
+  result = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
+  if(result || (actualread != 4)) {
     failf(data, "Failed to receive SSPI encryption response.");
-    result = CURLE_COULDNT_CONNECT;
+    if(!result)
+      result = CURLE_COULDNT_CONNECT;
     goto error;
   }
 
@@ -485,12 +487,13 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
     goto error;
   }
 
-  err = Curl_blockread_all(cf, data, (char *)sspi_w_token[0].pvBuffer,
-                           sspi_w_token[0].cbBuffer, &actualread);
+  result = Curl_blockread_all(cf, data, (char *)sspi_w_token[0].pvBuffer,
+                              sspi_w_token[0].cbBuffer, &actualread);
 
-  if(err || (actualread != us_length)) {
+  if(result || (actualread != us_length)) {
     failf(data, "Failed to receive SSPI encryption type.");
-    result = CURLE_COULDNT_CONNECT;
+    if(!result)
+      result = CURLE_COULDNT_CONNECT;
     goto error;
   }