From: Stefan Eissing <stefan@eissing.org>
Date: Thu, 25 Sep 2025 10:38:02 +0000 (+0200)
Subject: openssl-quic: handle error in SSL_get_stream_read_error_code
X-Git-Tag: rc-8_17_0-1~240
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ee2dd2d6cb9b50dbf7ffd3ada106ba5c09229fa5;p=thirdparty%2Fcurl.git

openssl-quic: handle error in SSL_get_stream_read_error_code

The return code of SSL_get_stream_read_error_code() was not checked
in one location, but others. Make that consistent.

Reported in Joshua's sarif data

Closes #18725
---

diff --git a/lib/vquic/curl_osslq.c b/lib/vquic/curl_osslq.c
index b4cc052ec2..e6278ad961 100644
--- a/lib/vquic/curl_osslq.c
+++ b/lib/vquic/curl_osslq.c
@@ -1264,12 +1264,16 @@ static CURLcode h3_quic_recv(void *reader_ctx,
     else if(SSL_get_stream_read_state(x->s->ssl) ==
             SSL_STREAM_STATE_RESET_REMOTE) {
       uint64_t app_error_code = NGHTTP3_H3_NO_ERROR;
-      SSL_get_stream_read_error_code(x->s->ssl, &app_error_code);
-      CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> RESET, "
-                  "rv=%d, app_err=%" FMT_PRIu64,
-                  x->s->id, rv, (curl_uint64_t)app_error_code);
-      if(app_error_code != NGHTTP3_H3_NO_ERROR) {
+      if(!SSL_get_stream_read_error_code(x->s->ssl, &app_error_code)) {
         x->s->reset = TRUE;
+        return CURLE_RECV_ERROR;
+      }
+      else {
+        CURL_TRC_CF(x->data, x->cf, "[%" FMT_PRId64 "] h3_quic_recv -> RESET, "
+                    "rv=%d, app_err=%" FMT_PRIu64,
+                    x->s->id, rv, (curl_uint64_t)app_error_code);
+        if(app_error_code != NGHTTP3_H3_NO_ERROR)
+          x->s->reset = TRUE;
       }
       x->s->recvd_eos = TRUE;
       return CURLE_OK;