From: Olivier Houchard Date: Wed, 1 May 2019 15:24:36 +0000 (+0200) Subject: BUG/MEDIUM: ssl: Don't pretend we can retry a recv/send if we got a shutr/w. X-Git-Tag: v2.0-dev3~139 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b51937ebaa8813de233e603a481d9d7d53935609;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: ssl: Don't pretend we can retry a recv/send if we got a shutr/w. In ha_ssl_write() and ha_ssl_read(), don't pretend we can retry a read/write if we got a shutr/shutw, or we will never properly shutdown the connection.
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 015943ee61..b26c4fd9d6 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -271,10 +271,11 @@ static int ha_ssl_write(BIO *h, const char *buf, int num)
 tmpbuf.data = num;
 tmpbuf.head = 0;
 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
- if (ret == 0 && !(ctx->conn->flags & CO_FL_ERROR)) {
+ if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
 BIO_set_retry_write(h);
 ret = -1;
- }
+ } else if (ret == 0)
+ BIO_clear_retry_flags(h);
 return ret;
 }
@@ -306,10 +307,11 @@ static int ha_ssl_read(BIO *h, char *buf, int size)
 tmpbuf.data = 0;
 tmpbuf.head = 0;
 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
- if (ret == 0 && !(ctx->conn->flags & CO_FL_ERROR)) {
+ if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
 BIO_set_retry_read(h);
 ret = -1;
- }
+ } else if (ret == 0)
+ BIO_clear_retry_flags(h);
 return ret;
 }
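Review bot: In ha_ssl_write() the retry flags are cleared only in the new `else if (ret == 0)` branch, so a flag set by an earlier call is left untouched whenever `ret` is non-zero. Calling `BIO_clear_retry_flags(h);` unconditionally right after `snd_buf()` and keeping only the `if` that sets the retry flag would be simpler and would not depend on which branch runs. The same applies to the `rcv_buf()` path in the ha_ssl_read() hunk. If the `else if` stays, it should be braced to match the `if` it follows. The function body starts outside the hunk, so any earlier handling of the flags is not visible here.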
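Review bot: The new `CO_FL_SOCK_RD_SH` test in ha_ssl_read() makes a zero return final, but nothing in the code says what that return means to OpenSSL. A comment above the `if`, such as `/* read side shut: return 0 with no retry flag so OpenSSL sees EOF instead of waiting for data */`, would record the intent. It is also worth confirming, outside this hunk, that the code handling the resulting SSL error treats a transport EOF without a TLS close_notify as an unclean close and not as a normal end of stream, since that distinction is what protects against truncated data. The function body starts outside the hunk.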