From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Wed, 15 Jan 2020 14:06:39 +0000 (+0200)
Subject: lib-ssl-iostream: Handle buggy OpenSSL error handling without assert-crash
X-Git-Tag: 2.3.11.2~578
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f41874b3dec541478a85275698a91f089f537df2;p=thirdparty%2Fdovecot%2Fcore.git

lib-ssl-iostream: Handle buggy OpenSSL error handling without assert-crash

If OpenSSL returns a syscall failure but provides no error and doesn't set
errno, log it as an OpenSSL bug instead of assert-crashing.
---

diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index 5b2d8c7a8a..ad605712a0 100644
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -595,14 +595,16 @@ int openssl_iostream_handle_error(struct ssl_iostream *ssl_io, int ret,
 		if (ERR_peek_error() != 0) {
 			errstr = openssl_iostream_error();
 			errno = EINVAL;
-		} else if (ret != 0) {
-			i_assert(errno != 0);
-			errstr = strerror(errno);
-		} else {
+		} else if (ret == 0) {
 			/* EOF. */
 			errno = EPIPE;
 			errstr = "Disconnected";
 			break;
+		} else if (errno != 0) {
+			errstr = strerror(errno);
+		} else {
+			/* Seen this at least with v1.1.0l SSL_accept() */
+			errstr = "OpenSSL BUG: errno=0";
 		}
 		errstr = t_strdup_printf("%s syscall failed: %s",
 					 func_name, errstr);