From 708b3f8b4e56aa6e8423e805b362bfc15389846c Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Thu, 19 Mar 2026 10:33:08 +0100
Subject: [PATCH] wolfssl: fix handling of abrupt connection close

A closed connection without TLS notify shutdowns, has been reported as a correct EOF instead of an error. Fix the error handling in wolfSSL backend receive handling.

Spotted by Codex Security

Closes #21002
---
 lib/vtls/wolfssl.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index b35645b458..243b89f6f5 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -2017,13 +2017,13 @@ static CURLcode wssl_recv(struct Curl_cfilter *cf,
 case WOLFSSL_ERROR_NONE:
 case WOLFSSL_ERROR_WANT_READ:
 case WOLFSSL_ERROR_WANT_WRITE:
- if(!wssl->io_result && connssl->peer_closed) {
- CURL_TRC_CF(data, cf, "wssl_recv(len=%zu) -> CLOSED", blen);
- return CURLE_OK;
+ if(!wssl->io_result && !connssl->peer_closed) {
+ /* there is data pending, re-invoke wolfSSL_read() */
+ CURL_TRC_CF(data, cf, "wssl_recv(len=%zu) -> AGAIN", blen);
+ return CURLE_AGAIN;
 }
- /* there is data pending, re-invoke wolfSSL_read() */
- CURL_TRC_CF(data, cf, "wssl_recv(len=%zu) -> AGAIN", blen);
- return CURLE_AGAIN;
+ /* fall through to default error handling below */
+ FALLTHROUGH();
 default:
 if(wssl->io_result == CURLE_AGAIN) {
 CURL_TRC_CF(data, cf, "wssl_recv(len=%zu) -> AGAIN", blen);
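Review bot: The new comment `/* fall through to default error handling below */` in the `WOLFSSL_ERROR_NONE`/`WANT_READ`/`WANT_WRITE` case does not say which states reach it or why they must fail, and that is the security-relevant part of this fix. Two states now fall through: a non-zero `wssl->io_result`, and `connssl->peer_closed` with no I/O error, i.e. the transport ended without a TLS close_notify; reporting the latter as EOF would let a truncated response pass as complete. I would spell that out, e.g. `/* I/O error, or peer closed without close_notify: possible truncation, never a clean EOF */`. The `-> CLOSED` trace is removed as well, so whether this case stays identifiable in trace output depends on the `default:` branch, whose body continues outside the hunk.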