Fix: Corrected how reads from TLS report errors

src/client.c

@@ -397,7 +397,7 @@ int client_read_bytes(client_t *client, void *buf, unsigned len)
     }
 
     if (bytes == -1 && client->con->error)
-        ICECAST_LOG_DEBUG("reading from connection has failed");
+        ICECAST_LOG_DEBUG("reading from connection has failed (client=%p, con=%p)", client, client->con);
 
     fastevent_emit(FASTEVENT_TYPE_CLIENT_READ, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_OBRD, client, buf, (size_t)len, (ssize_t)bytes);
 

src/connection.c

@@ -407,6 +407,10 @@ static int connection_read_tls(connection_t *con, void *buf, size_t len)
     ssize_t bytes = tls_read(con->tls, buf, len);
 
     if (bytes <= 0) {
+        if (tls_error(con->tls)) {
+            ICECAST_LOG_DEBUG("Client hit TLS error (con=%p, tls=%p)", con, con->tls);
+            con->error = 1;
+        }
         if (tls_want_io(con->tls) > 0)
             return -1;
         con->error = 1;
@@ -763,7 +767,7 @@ static client_slurp_result_t process_request_body_queue_one(client_queue_entry_t
         }
 
         if (res != CLIENT_SLURP_SUCCESS) {
-            if (client->con->con_time <= timeout || client->request_body_read >= body_size_limit) {
+            if (client->con->con_time <= timeout || client->request_body_read >= body_size_limit || client->con->error) {
                 return CLIENT_SLURP_ERROR;
             }
         }
@@ -1147,7 +1151,7 @@ static void * _handle_connection(client_queue_t *queue)
                 httpp_initialize(parser, NULL);
                 client->parser = parser;
             }
-            if (already_parsed || httpp_parse (parser, client->refbuf->data, node->offset)) {
+            if ((already_parsed || httpp_parse (parser, client->refbuf->data, node->offset)) && !client->con->error) {
                 client->refbuf->len = 0;
 
                 /* early check if we need more data */
@@ -1187,7 +1191,7 @@ static void * _handle_connection(client_queue_t *queue)
                 client_queue_add(&_handle_queue, node);
             } else {
                 free_client_node(node);
-                ICECAST_LOG_ERROR("HTTP request parsing failed");
+                ICECAST_LOG_ERROR("HTTP request parsing failed (client=%p)", client);
                 client_destroy (client);
             }
         } else {

src/tls.c

@@ -52,6 +52,7 @@ struct tls_tag {
     size_t refc;
     SSL *ssl;
     tls_ctx_t *ctx;
+    bool error;
 };
 
 void       tls_initialize(void)
@@ -241,10 +242,22 @@ int        tls_got_shutdown(tls_t *tls)
 
 ssize_t    tls_read(tls_t *tls, void *buffer, size_t len)
 {
+    int ret;
+
     if (!tls)
         return -1;
 
-    return SSL_read(tls->ssl, buffer, len);
+    ret = SSL_read(tls->ssl, buffer, len);
+    ICECAST_LOG_DDEBUG("Read on TLS (tls=%o, ret=%i)", tls, ret);
+
+    if (ret <= 0 && !tls->error) {
+        int error = SSL_get_error(tls->ssl, ret);
+        ICECAST_LOG_DEBUG("Zero read on TLS (tls=%p, ret=%i, error=%i)", tls, ret, error);
+        if (error == SSL_ERROR_SYSCALL || error == SSL_ERROR_SSL)
+            tls->error = true;
+    }
+
+    return ret;
 }
 ssize_t    tls_write(tls_t *tls, const void *buffer, size_t len)
 {
@@ -269,6 +282,13 @@ ssize_t    tls_write(tls_t *tls, const void *buffer, size_t len)
 
     return ret;
 }
+
+bool       tls_error(tls_t *tls) {
+    if (!tls)
+        return true;
+
+    return tls->error;
+}
 #else
 void       tls_initialize(void)
 {
@@ -325,4 +345,8 @@ ssize_t    tls_write(tls_t *tls, const void *buffer, size_t len)
     return -1;
 }
 
+bool       tls_error(tls_t *tls) {
+    return true;
+}
+
 #endif

src/tls.h

@@ -9,6 +9,8 @@
 #ifndef __TLS_H__
 #define __TLS_H__
 
+#include <stdbool.h>
+
 #include "common/net/sock.h"
 
 /* Do we have TLS Support? */
@@ -44,4 +46,6 @@ int        tls_got_shutdown(tls_t *tls);
 ssize_t    tls_read(tls_t *tls, void *buffer, size_t len);
 ssize_t    tls_write(tls_t *tls, const void *buffer, size_t len);
 
+bool       tls_error(tls_t *tls);
+
 #endif