From d5baed3f18b6451b2f65641be9ae5d3f96b0f2b7 Mon Sep 17 00:00:00 2001
From: yrutschle <git1@rutschle.net>
Date: Mon, 13 May 2019 15:21:22 +0200
Subject: [PATCH] Fix fd2fd return value which should not be -1 on error

---
 common.c      | 20 ++++++++++----------
 common.h      |  4 ++--
 sslh-select.c |  6 +++---
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/common.c b/common.c
index 10dca14..49b29e7 100644
--- a/common.c
+++ b/common.c
@@ -239,7 +239,7 @@ int bind_peer(int fd, int fd_from)
     /* getpeername can fail with ENOTCONN if connection was dropped before we
      * got here */
     res = getpeername(fd_from, from.ai_addr, &from.ai_addrlen);
-    CHECK_RES_RETURN(res, "getpeername");
+    CHECK_RES_RETURN(res, "getpeername", res);
 
     /* if the destination is the same machine, there's no need to do bind */
     if (is_same_machine(&from))
@@ -251,16 +251,16 @@ int bind_peer(int fd, int fd_from)
 #else
     if (from.ai_addr->sa_family==AF_INET) { /* IPv4 */
         res = setsockopt(fd, IPPROTO_IP, IP_BINDANY, &trans, sizeof(trans));
-        CHECK_RES_RETURN(res, "setsockopt IP_BINDANY");
+        CHECK_RES_RETURN(res, "setsockopt IP_BINDANY", res);
 #ifdef IPV6_BINDANY
     } else { /* IPv6 */
         res = setsockopt(fd, IPPROTO_IPV6, IPV6_BINDANY, &trans, sizeof(trans));
-        CHECK_RES_RETURN(res, "setsockopt IPV6_BINDANY");
+        CHECK_RES_RETURN(res, "setsockopt IPV6_BINDANY", res);
 #endif /* IPV6_BINDANY */
     }
 #endif /* IP_TRANSPARENT / IP_BINDANY */
     res = bind(fd, from.ai_addr, from.ai_addrlen);
-    CHECK_RES_RETURN(res, "bind");
+    CHECK_RES_RETURN(res, "bind", res);
 
     return 0;
 }
@@ -281,7 +281,7 @@ int connect_addr(struct connection *cnx, int fd_from)
     from.ai_addrlen = sizeof(ss);
 
     res = getpeername(fd_from, from.ai_addr, &from.ai_addrlen);
-    CHECK_RES_RETURN(res, "getpeername");
+    CHECK_RES_RETURN(res, "getpeername", res);
 
     for (a = cnx->proto->saddr; a; a = a->ai_next) {
         /* When transparent, make sure both connections use the same address family */
@@ -304,7 +304,7 @@ int connect_addr(struct connection *cnx, int fd_from)
 
             if (cfg.transparent) {
                 res = bind_peer(fd, fd_from);
-                CHECK_RES_RETURN(res, "bind_peer");
+                CHECK_RES_RETURN(res, "bind_peer", res);
             }
             res = connect(fd, a->ai_addr, a->ai_addrlen);
             if (res == -1) {
@@ -321,7 +321,7 @@ int connect_addr(struct connection *cnx, int fd_from)
             } else {
                 if (cnx->proto->keepalive) {
                     res = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char*)&one, sizeof(one));
-                    CHECK_RES_RETURN(res, "setsockopt(SO_KEEPALIVE)");
+                    CHECK_RES_RETURN(res, "setsockopt(SO_KEEPALIVE)", res);
                 }
                 return fd;
             }
@@ -428,7 +428,7 @@ int fd2fd(struct queue *target_q, struct queue *from_q)
        }
    }
 
-   CHECK_RES_RETURN(size_r, "read");
+   CHECK_RES_RETURN(size_r, "read",FD_CNXCLOSED);
 
    if (size_r == 0)
       return FD_CNXCLOSED;
@@ -453,7 +453,7 @@ int fd2fd(struct queue *target_q, struct queue *from_q)
        return FD_STALLED;
    }
 
-   CHECK_RES_RETURN(size_w, "write");
+   CHECK_RES_RETURN(size_w, "write", FD_CNXCLOSED);
 
    return size_w;
 }
@@ -625,7 +625,7 @@ int check_access_rights(int in_socket, const char* service)
     int res;
 
     res = getpeername(in_socket, &peer.saddr, &size);
-    CHECK_RES_RETURN(res, "getpeername");
+    CHECK_RES_RETURN(res, "getpeername", res);
 
     /* extract peer address */
     res = getnameinfo(&peer.saddr, size, addr_str, sizeof(addr_str), NULL, 0, NI_NUMERICHOST);
diff --git a/common.h b/common.h
index cf944a9..37ccebc 100644
--- a/common.h
+++ b/common.h
@@ -42,10 +42,10 @@
        exit(1);         \
     }
 
-#define CHECK_RES_RETURN(res, str) \
+#define CHECK_RES_RETURN(res, str, ret) \
     if (res == -1) {                                    \
         log_message(LOG_CRIT, "%s:%d:%s:%d:%s\n", __FILE__, __LINE__, str, errno, strerror(errno));  \
-        return res;                                     \
+        return ret;                                     \
     } 
 
 #define CHECK_ALLOC(a, str) \
diff --git a/sslh-select.c b/sslh-select.c
index a2ced55..a770bde 100644
--- a/sslh-select.c
+++ b/sslh-select.c
@@ -44,12 +44,12 @@ int set_nonblock(int fd)
     int flags;
 
     flags = fcntl(fd, F_GETFL);
-    CHECK_RES_RETURN(flags, "fcntl");
+    CHECK_RES_RETURN(flags, "fcntl", -1);
 
     flags |= O_NONBLOCK;
 
     flags = fcntl(fd, F_SETFL, flags);
-    CHECK_RES_RETURN(flags, "fcntl");
+    CHECK_RES_RETURN(flags, "fcntl", -1);
 
     return flags;
 }
@@ -93,7 +93,7 @@ int accept_new_connection(int listen_socket, struct connection *cnx[], int* cnx_
     struct connection *new;
 
     in_socket = accept(listen_socket, 0, 0);
-    CHECK_RES_RETURN(in_socket, "accept");
+    CHECK_RES_RETURN(in_socket, "accept", -1);
 
     if (!fd_is_in_range(in_socket)) {
         close(in_socket);