From 8f5db6b513b90b6ee5b625131a25b146fa912e0d Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Fri, 30 Jun 2017 17:12:11 +0200
Subject: Improve closing the TLS connection

If gnutls_session_bye() exited with an error, we never closed
the underlying file descriptor, causing the method to think the
connection was still open. This caused problems especially in
test-partial-file-support where we checked that a "complete"
file and an incomplete file work. The first GET returns a 416
with Connection: close, and the next GET request then accidentally
reads the body of the 416 as the header for its own request.
---
 methods/connect.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'methods')

diff --git a/methods/connect.cc b/methods/connect.cc
index f58a67db3..0d4b3e26f 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -632,9 +632,9 @@ struct TlsFd : public MethodFd
 
    int Close() APT_OVERRIDE
    {
-      if (HandleError(gnutls_bye(session, GNUTLS_SHUT_RDWR)) < 0)
-	 return -1;
-      return UnderlyingFd->Close();
+      auto err = HandleError(gnutls_bye(session, GNUTLS_SHUT_RDWR));
+      auto lower = UnderlyingFd->Close();
+      return err < 0 ? HandleError(err) : lower;
    }
 
    bool HasPending() APT_OVERRIDE
-- 
cgit v1.2.3