From: Grigorii Demidov <grigorii.demidov@nic.cz>
Date: Tue, 27 Nov 2018 14:08:18 +0000 (+0100)
Subject: daemon/io: fix insufficient error handling when receiving tls data
X-Git-Tag: v3.2.0~22^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dd7d70b45a760f691d9303f7efe202b55c13a12c;p=thirdparty%2Fknot-resolver.git

daemon/io: fix insufficient error handling when receiving tls data
---

diff --git a/daemon/io.c b/daemon/io.c
index f203fa90c..d752a5106 100644
--- a/daemon/io.c
+++ b/daemon/io.c
@@ -222,6 +222,9 @@ static void tcp_recv(uv_stream_t *handle, ssize_t nread, const uv_buf_t *buf)
 		/* buf->base points to start of the tls receive buffer.
 		   Decode data free space in session wire buffer. */
 		consumed = tls_process_input_data(s, (const uint8_t *)buf->base, nread);
+		if (consumed <= 0) {
+			return;
+		}
 		data = session_wirebuf_get_free_start(s);
 		data_len = consumed;
 	}
diff --git a/daemon/session.c b/daemon/session.c
index a869d6db8..74aa038f5 100644
--- a/daemon/session.c
+++ b/daemon/session.c
@@ -496,6 +496,11 @@ ssize_t session_wirebuf_consume(struct session *session, const uint8_t *data, ss
 		return kr_error(EINVAL);
 	}
 
+	if (len < 0) {
+		/* shouldn't happen */
+		return kr_error(EINVAL);
+	}
+
 	if (session->wire_buf_end_idx + len > session->wire_buf_size) {
 		/* shouldn't happen */
 		return kr_error(EINVAL);