From ec7f57ab985273580f085bbb898cf39422d2d6d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Deuc=D0=B5?= <shurd@sasktel.net>
Date: Wed, 17 Mar 2021 13:38:03 -0400
Subject: [PATCH] Close Socket on unhandled TLS errors

While errors on transmit seem to be handled well, errors on receive
do not, especially through js_recv_line() which has been seen to
trigger a large number (hundreds) of ECONNRESET errors.  To prevent
this, simply close the socket when an otherwise unhandled error
occurs.

Almost certainly fixes that issue, but the underlying cause is still
undetermined.  The calling script (imapservice.js) was checking
Socket.is_connected after each recv_line() call, so if the socket
was actually reset, it would be expected to only call it once.

An alternative would be to explicitly handle the error that is
seen (CRYPT_ERROR_PARAM1), but let's try a generic fix first and see
of anything breaks because of it.  Most likely issue would be an
inability to recv() data after calling shutdown(), but I don't think
many people do that except to move the TIME_WAIT to where they want
it.
---
 src/sbbs3/js_socket.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/sbbs3/js_socket.c b/src/sbbs3/js_socket.c
index 7397a94cbf..779cf04da5 100644
--- a/src/sbbs3/js_socket.c
+++ b/src/sbbs3/js_socket.c
@@ -242,8 +242,10 @@ static ptrdiff_t js_socket_recv(js_socket_private_t *p, void *buf, size_t len, i
 				ret = -1;
 				if (status == CRYPT_ERROR_TIMEOUT)
 					ret = 0;
-				else if (status != CRYPT_ERROR_COMPLETE)
+				else if (status != CRYPT_ERROR_COMPLETE) {
 					GCES(ret, p, estr, "popping data");
+					do_js_close(p, false);
+				}
 			}
 		}
 		if (ret == -1) {
-- 
GitLab