From cafc916839c04d648e85a8efd822c9bb95832cdf Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Sun, 9 Oct 2005 04:13:32 +0000
Subject: [PATCH] dont read/write to closed ssl context
---
 webcit/ChangeLog | 5 +++++
 webcit/crypto.c | 15 +++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/webcit/ChangeLog b/webcit/ChangeLog
index 81ef96e09..4c1718064 100644
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,3 +1,8 @@
+Sun Oct 9 00:12:11 EDT 2005 Art Cancro
+* serv_crypto.c: don't attempt to continue reading/writing an SSL context
+ that has already been closed. Doing so crashes the webserver, which
+ some people consider a Bad Thing :)
+
 Fri Oct 7 23:09:28 EDT 2005 Art Cancro
 * Makefile: change "CVS" to ".svn" to avoid errors during make install
diff --git a/webcit/crypto.c b/webcit/crypto.c
index 98f145079..d55d8791a 100644
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -363,6 +363,8 @@ int starttls(int sock) {
 */
 void endtls(void)
 {
+ if (THREADSSL == NULL) return;
+
 lprintf(5, "Ending SSL/TLS\n");
 SSL_shutdown(THREADSSL);
 SSL_free(THREADSSL);
@@ -390,16 +392,18 @@ void client_write_ssl(char *buf, int nbytes)
 int nremain;
 char junk[1];
+ if (THREADSSL == NULL) return;
+
 nremain = nbytes;
 while (nremain > 0) {
 if (SSL_want_write(THREADSSL)) {
 if ((SSL_read(THREADSSL, junk, 0)) < 1) {
- lprintf(9, "SSL_read in client_write: %s\n", ERR_reason_error_string(ERR_get_error()));
+ lprintf(9, "SSL_read in client_write: %s\n",
+ ERR_reason_error_string(ERR_get_error()));
 }
 }
- retval =
- SSL_write(THREADSSL, &buf[nbytes - nremain], nremain);
+ retval = SSL_write(THREADSSL, &buf[nbytes - nremain], nremain);
 if (retval < 1) {
 long errval;
@@ -410,8 +414,9 @@ void client_write_ssl(char *buf, int nbytes)
 continue;
 }
 lprintf(9, "SSL_write got error %ld, ret %d\n", errval, retval);
- if (retval == -1)
+ if (retval == -1) {
 lprintf(9, "errno is %d\n", errno);
+ }
 endtls();
 return;
 }
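Review bot: The `if (THREADSSL == NULL) return;` guard in endtls() only stops a second SSL_shutdown()/SSL_free() if the per-thread pointer is reset to NULL once the context has been freed, and that reset is not visible here (the function body continues past `SSL_free(THREADSSL);`). If the pointer is not cleared there, this guard and the matching ones in client_write_ssl() and client_read_ssl() would compare against a dangling pointer, and the double free / use-after-free behind the crash stays reachable. Please confirm the reset exists and state the invariant at the guard, for example `/* NULL means this thread's TLS session was already torn down; endtls() must clear THREADSSL after SSL_free() */`.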
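Review bot: client_write_ssl() returns void, so the early `if (THREADSSL == NULL) return;` discards the caller's data without any trace, whereas the SSL_write error path in the following hunk at least logs before calling endtls(). A log line at the guard would make truncated responses diagnosable: `if (THREADSSL == NULL) { lprintf(9, "client_write_ssl: SSL context already closed\n"); return; }`. Separately, in the reflowed lprintf call, ERR_reason_error_string() returns NULL when ERR_get_error() yields no queued error, which looks possible after the zero-length SSL_read. Passing NULL for `%s` is undefined behaviour if lprintf is printf-style, so a fallback string would be safer there. The function body starts and ends outside this hunk.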
@@ -434,6 +439,8 @@ int client_read_ssl(char *buf, int bytes, int timeout)
 int len, rlen;
 char junk[1];
+ if (THREADSSL == NULL) return(0);
+
 len = 0;
 while (len < bytes) {
 #if 0
-- 
2.30.2
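Review bot: The early `return(0);` in client_read_ssl() leaves `buf` unwritten, so a caller that does not check the result would go on to parse whatever the buffer held before the call. What 0 means to callers (failure versus nothing read before the timeout) cannot be told from this hunk, because the function body continues below it. If 0 is the failure value, a comment at the guard would pin the contract down, e.g. `/* no TLS session on this thread: report failure, buf is not written */`, and the call sites are worth auditing for an unchecked return.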