Check for EOF while reading the HTTP request.

[tlsproxy/tlsproxy.git] / src / connection.c

diff --git a/src/connection.c b/src/connection.c
index d69c2faf6c30874bb8f093ffeed0e260b2f7685a..c91eae358e6a3b7cfa44376afba42c928e96ff6b 100644 (file)
--- a/src/connection.c
+++ b/src/connection.c
@@ -406,6 +406,11 @@ static int initialize_tls_session_client(int peer_socket,
                 PROXY_CA_PATH);
             gnutls_certificate_free_credentials(*x509_cred);
             return -1;
+        } else if (result != 1) {
+            /* Must contain only one CA, our proxy CA. */
+            LOG(ERROR, "initialize_tls_session_client(): multiple CAs found");
+            gnutls_certificate_free_credentials(*x509_cred);
+            return -1;
         }
     }
     /* If the invalid hostname was specified do nothing, we use a self-signed
@@ -566,6 +571,8 @@ static int read_http_request(FILE *client_fd, char *request, size_t length) {
     if (ferror(client_fd)) {
         LOG_PERROR(WARNING, "read_http_request(): fgets()");
         return -1;
+    } else if (feof(client_fd)) {
+        return -2;
     }
 
     if (global_http_digest_authorization != NULL && !found_proxy_authorization) {