socks: make Curl_blockread_all return CURLcode

Reported in Joshua's sarif data Closes #18635
2026-01-26 15:03:21 +00:00 · 2025-09-20 14:29:44 +02:00 · 2025-09-20 14:29:44 +02:00 · 2a5da01e42
commit 2a5da01e42
parent ca75476a5c
3 changed files with 36 additions and 34 deletions
--- a/lib/socks.c
+++ b/lib/socks.c
@ -98,14 +98,14 @@ struct socks_state {
 *
 * This is STUPID BLOCKING behavior. Only used by the SOCKS GSSAPI functions.
 */
-int Curl_blockread_all(struct Curl_cfilter *cf,
-                       struct Curl_easy *data,   /* transfer */
-                       char *buf,                /* store read data here */
-                       size_t blen,              /* space in buf */
-                       size_t *pnread)           /* amount bytes read */
+CURLcode Curl_blockread_all(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            char *buf,             /* store read data here */
+                            size_t blen,           /* space in buf */
+                            size_t *pnread)        /* amount bytes read */
 {
  size_t nread = 0;
-  CURLcode err;
+  CURLcode result;

  *pnread = 0;
  for(;;) {
@ -116,21 +116,20 @@ int Curl_blockread_all(struct Curl_cfilter *cf,
    }
    if(!timeout_ms)
      timeout_ms = TIMEDIFF_T_MAX;
-    if(SOCKET_READABLE(cf->conn->sock[cf->sockindex], timeout_ms) <= 0) {
-      return ~CURLE_OK;
-    }
-    err = Curl_conn_cf_recv(cf->next, data, buf, blen, &nread);
-    if(CURLE_AGAIN == err)
+    if(SOCKET_READABLE(cf->conn->sock[cf->sockindex], timeout_ms) <= 0)
+      return CURLE_OPERATION_TIMEDOUT;
+    result = Curl_conn_cf_recv(cf->next, data, buf, blen, &nread);
+    if(CURLE_AGAIN == result)
      continue;
-    else if(err)
-      return (int)err;
+    else if(result)
+      return result;

    if(blen == nread) {
      *pnread += nread;
      return CURLE_OK;
    }
    if(!nread) /* EOF */
-      return ~CURLE_OK;
+      return CURLE_RECV_ERROR;

    buf += nread;
    blen -= nread;
--- a/lib/socks.h
+++ b/lib/socks.h
@ -37,11 +37,11 @@
 *
 * This is STUPID BLOCKING behavior
 */
-int Curl_blockread_all(struct Curl_cfilter *cf,
-                       struct Curl_easy *data,
-                       char *buf,
-                       size_t blen,
-                       size_t *pnread);
+CURLcode Curl_blockread_all(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            char *buf,
+                            size_t blen,
+                            size_t *pnread);

 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
 /*
--- a/lib/socks_sspi.c
+++ b/lib/socks_sspi.c
@ -72,7 +72,6 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
  size_t actualread;
  size_t written;
  CURLcode result;
-  int err;
  /* Needs GSS-API authentication */
  SECURITY_STATUS status;
  unsigned long sspi_ret_flags = 0;
@ -237,10 +236,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
     * +----+------+-----+----------------+
     */

-    err = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
-    if(err || (actualread != 4)) {
+    result = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
+    if(result || (actualread != 4)) {
      failf(data, "Failed to receive SSPI authentication response.");
-      result = CURLE_COULDNT_CONNECT;
+      if(!result)
+        result = CURLE_COULDNT_CONNECT;
      goto error;
    }

@ -269,12 +269,13 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
      result = CURLE_OUT_OF_MEMORY;
      goto error;
    }
-    err = Curl_blockread_all(cf, data, (char *)sspi_recv_token.pvBuffer,
-                             sspi_recv_token.cbBuffer, &actualread);
+    result = Curl_blockread_all(cf, data, (char *)sspi_recv_token.pvBuffer,
+                                sspi_recv_token.cbBuffer, &actualread);

-    if(err || (actualread != us_length)) {
+    if(result || (actualread != us_length)) {
      failf(data, "Failed to receive SSPI authentication token.");
-      result = CURLE_COULDNT_CONNECT;
+      if(!result)
+        result = CURLE_COULDNT_CONNECT;
      goto error;
    }

@ -453,10 +454,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
    Curl_safefree(etbuf);
  }

-  err = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
-  if(err || (actualread != 4)) {
+  result = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
+  if(result || (actualread != 4)) {
    failf(data, "Failed to receive SSPI encryption response.");
-    result = CURLE_COULDNT_CONNECT;
+    if(!result)
+      result = CURLE_COULDNT_CONNECT;
    goto error;
  }

@ -485,12 +487,13 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
    goto error;
  }

-  err = Curl_blockread_all(cf, data, (char *)sspi_w_token[0].pvBuffer,
-                           sspi_w_token[0].cbBuffer, &actualread);
+  result = Curl_blockread_all(cf, data, (char *)sspi_w_token[0].pvBuffer,
+                              sspi_w_token[0].cbBuffer, &actualread);

-  if(err || (actualread != us_length)) {
+  if(result || (actualread != us_length)) {
    failf(data, "Failed to receive SSPI encryption type.");
-    result = CURLE_COULDNT_CONNECT;
+    if(!result)
+      result = CURLE_COULDNT_CONNECT;
    goto error;
  }