Correctly handle an EOF that occurs prior to the TLS handshake completing.
authorjsing <jsing@openbsd.org>
Wed, 6 Jul 2016 02:32:57 +0000 (02:32 +0000)
committerjsing <jsing@openbsd.org>
Wed, 6 Jul 2016 02:32:57 +0000 (02:32 +0000)
Reported by Vasily Kolobkov, based on a diff from Marko Kreen.

ok beck@

lib/libtls/tls.c

index 76d00e5..783d320 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.38 2016/05/27 14:38:40 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.39 2016/07/06 02:32:57 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -418,8 +418,11 @@ tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
                if ((err = ERR_peek_error()) != 0) {
                        errstr = ERR_error_string(err, NULL);
                } else if (ssl_ret == 0) {
-                       ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
-                       return (0);
+                       if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
+                               ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
+                               return (0);
+                       }
+                       errstr = "unexpected EOF";
                } else if (ssl_ret == -1) {
                        errstr = strerror(errno);
                }
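Review bot: The new `TLS_HANDSHAKE_COMPLETE` test inside the `ssl_ret == 0` branch has no comment explaining why the two cases are treated differently, and the distinction is security-relevant. Before the handshake completes, a 0 returned from here could presumably be read by the caller as success, so an early EOF has to become an error. After the handshake, the EOF is still reported as 0 with `TLS_EOF_NO_CLOSE_NOTIFY` set, so a truncated stream can only be told apart from a clean close through that flag. I would add above the inner `if`: `/* EOF without close_notify: a soft EOF only once the handshake is done; earlier it must fail, or a dropped connection looks like success. */`. The code that consumes `errstr` and the end of tls_ssl_error lie outside the hunk, so the error return path cannot be confirmed from here.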