From b0b33fe71d52ed65774b5ae24fa038b42ad7a235 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 6 Feb 2023 17:52:44 +0100
Subject: [PATCH] openssl: fix "Improper use of negative value"

By getting the socket first and returning error in case of bad socket.

Detected by Coverity.

Closes #10423
---
 lib/vtls/openssl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index b56fe30d49..84621ff1eb 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1814,7 +1814,10 @@ static int ossl_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data)
 #ifdef MSG_PEEK
   char buf;
   ssize_t nread;
-  nread = recv((RECV_TYPE_ARG1)Curl_conn_cf_get_socket(cf, data),
+  curl_socket_t sock = Curl_conn_cf_get_socket(cf, data);
+  if(sock == CURL_SOCKET_BAD)
+    return 0; /* no socket, consider closed */
+  nread = recv((RECV_TYPE_ARG1)sock,
                (RECV_TYPE_ARG2)&buf, (RECV_TYPE_ARG3)1,
                (RECV_TYPE_ARG4)MSG_PEEK);
   if(nread == 0)
-- 
2.47.2