diff --git a/tool/client.cc b/tool/client.cc index 57f2b24237..b2f0df7c51 100644 --- a/tool/client.cc +++ b/tool/client.cc @@ -18,6 +18,10 @@ #if !defined(OPENSSL_WINDOWS) #include +#include +static int closesocket(int sock) { + return close(sock); +} #else OPENSSL_MSVC_PRAGMA(warning(push, 3)) #include @@ -318,8 +322,11 @@ static bool DoConnection(SSL_CTX *ctx, bool (*cb)(SSL *ssl, int sock), bool is_openssl_s_client) { int sock = -1; if (args_map.count("-http-tunnel") != 0) { - if (!Connect(&sock, args_map["-http-tunnel"], is_openssl_s_client) || - !DoHTTPTunnel(sock, args_map["-connect"])) { + if (!Connect(&sock, args_map["-http-tunnel"], is_openssl_s_client)) { + return false; + } + if (!DoHTTPTunnel(sock, args_map["-connect"])) { + closesocket(sock); return false; } } else if (!Connect(&sock, args_map["-connect"], is_openssl_s_client)) { @@ -335,19 +342,25 @@ static bool DoConnection(SSL_CTX *ctx, const std::string& starttls = args_map["-starttls"]; if (starttls == "smtp") { if (!DoSMTPStartTLS(sock)) { + closesocket(sock); return false; } } else { + closesocket(sock); fprintf(stderr, "Unknown value for -starttls: %s\n", starttls.c_str()); return false; } } + // BIO takes ownership of |sock| from this point forward. bssl::UniquePtr bio(BIO_new_socket(sock, BIO_CLOSE)); bssl::UniquePtr ssl(SSL_new(ctx)); if (args_map.count("-server-name") != 0) { - SSL_set_tlsext_host_name(ssl.get(), args_map["-server-name"].c_str()); + if (!SSL_set_tlsext_host_name(ssl.get(), + args_map["-server-name"].c_str())) { + return false; + } } if (args_map.count("-ech-grease") != 0) { diff --git a/tool/transport_common.cc b/tool/transport_common.cc index 80c8d91030..d53e470d97 100644 --- a/tool/transport_common.cc +++ b/tool/transport_common.cc @@ -196,6 +196,7 @@ bool Connect(int *out_sock, const std::string &hostname_and_port, bool quiet) { if (connect(*out_sock, result->ai_addr, result->ai_addrlen) != 0) { PrintSocketError("connect"); + closesocket(*out_sock); goto out; } ok = true;