improvements to return value check and cleanup on failure cases

JacobBarthelmeh · JacobBarthelmeh · commit e9a4e7e103fe · 2025-10-30T14:15:41.000-06:00
diff --git a/examples/posix/wh_posix_client/wh_posix_client_cfg.c b/examples/posix/wh_posix_client/wh_posix_client_cfg.c
@@ -198,18 +198,25 @@ static unsigned int psk_tls12_client_cb(WOLFSSL* ssl, const char* hint,
                                         unsigned char* key,
                                         unsigned int   key_max_len)
 {
+    size_t len;
+
     memset(key, 0, key_max_len);
     const char* exampleIdentity = "PSK_EXAMPLE_CLIENT_IDENTITY";
 
     printf("PSK server identity hint: %s\n", hint);
     printf("PSK using identity: %s\n", exampleIdentity);
     strncpy(identity, exampleIdentity, id_max_len);
 
-    printf("Enter a PSK example password to use :");
-    fgets((char*)key, key_max_len - 1, stdin);
+    printf("Enter PSK password: ");
+    if (fgets((char*)key, key_max_len - 1, stdin) == NULL) {
+        memset(key, 0, key_max_len);
+        return 0U;
+    }
 
     (void)ssl;
-    return strlen((char*)key);
+    len = strcspn((char*)key, "\n");
+    ((char*)key)[len] = '\0';
+    return (unsigned int)len;
 }
 
 /* Setup WOLFSSL_CTX for use with PSK */
diff --git a/examples/posix/wh_posix_server/wh_posix_server_cfg.c b/examples/posix/wh_posix_server/wh_posix_server_cfg.c
@@ -144,15 +144,20 @@ static unsigned int psk_tls12_server_cb(WOLFSSL* ssl, const char* identity,
                                         unsigned char* key,
                                         unsigned int   key_max_len)
 {
+    size_t len;
+
     memset(key, 0, key_max_len);
     printf("PSK TLS12 server callback\n");
     printf("PSK client identity: %s\n", identity);
-
-    printf("Enter a PSK example password to accept :");
-    fgets((char*)key, key_max_len - 1, stdin);
-
+    printf("Enter PSK password to accept: ");
+    if (fgets((char*)key, key_max_len - 1, stdin) == NULL) {
+        memset(key, 0, key_max_len);
+        return 0U;
+    }
+    len = strcspn((char*)key, "\n");
+    ((char*)key)[len] = '\0';
     (void)ssl;
-    return strlen((char*)key);
+    return (unsigned int)len;
 }
 
 #ifdef WOLFSSL_TLS13
@@ -161,16 +166,23 @@ static unsigned int psk_tls13_server_cb(WOLFSSL* ssl, const char* identity,
                                         unsigned int   key_max_len,
                                         const char**   ciphersuite)
 {
+    size_t len;
+
     memset(key, 0, key_max_len);
     printf("PSK TLS13 server callback\n");
     printf("PSK client identity: %s\n", identity);
     *ciphersuite = "TLS13-AES128-GCM-SHA256";
 
-    printf("Enter a PSK example password to accept :");
-    fgets((char*)key, key_max_len - 1, stdin);
+    printf("Enter PSK password: ");
+    if (fgets((char*)key, key_max_len - 1, stdin) == NULL) {
+        memset(key, 0, key_max_len);
+        return 0U;
+    }
+    len = strcspn((char*)key, "\n");
+    ((char*)key)[len] = '\0';
 
     (void)ssl;
-    return strlen((char*)key);
+    return (unsigned int)len;
 }
 #endif /* WOLFSSL_TLS13 */
 
diff --git a/port/posix/posix_transport_tls.c b/port/posix/posix_transport_tls.c
@@ -86,11 +86,20 @@ int posixTransportTls_InitConnect(void* context, const void* config,
         if (!ctx->ssl) {
             wolfSSL_CTX_free(ctx->ssl_ctx);
             ctx->ssl_ctx = NULL;
+            posixTransportTcp_CleanupConnect((void*)&ctx->tcpCtx);
             return WH_ERROR_ABORTED;
         }
 
         /* Set the socket file descriptor */
-        wolfSSL_set_fd(ctx->ssl, ctx->connect_fd_p1);
+        rc = wolfSSL_set_fd(ctx->ssl, ctx->connect_fd_p1);
+        if (rc != WOLFSSL_SUCCESS) {
+            wolfSSL_free(ctx->ssl);
+            ctx->ssl = NULL;
+            wolfSSL_CTX_free(ctx->ssl_ctx);
+            ctx->ssl_ctx = NULL;
+            posixTransportTcp_CleanupConnect((void*)&ctx->tcpCtx);
+            return WH_ERROR_ABORTED;
+        }
     }
     if (ctx->connectcb != NULL) {
         ctx->connectcb(ctx->connectcb_arg, WH_COMM_CONNECTED);
@@ -175,15 +184,7 @@ int posixTransportTls_RecvResponse(void* context, uint16_t* out_size,
 
     /* Create SSL object if not already created */
     if (ctx->ssl == NULL) {
-        ctx->ssl = wolfSSL_new(ctx->ssl_ctx);
-        if (!ctx->ssl) {
-            wolfSSL_CTX_free(ctx->ssl_ctx);
-            ctx->ssl_ctx = NULL;
-            return WH_ERROR_ABORTED;
-        }
-
-        /* Set the socket file descriptor */
-        wolfSSL_set_fd(ctx->ssl, ctx->connect_fd_p1 - 1);
+        return WH_ERROR_BADARGS;
     }
 
     rc  = wolfSSL_read(ctx->ssl, data, PTTLS_PACKET_MAX_SIZE);
@@ -216,7 +217,10 @@ int posixTransportTls_CleanupConnect(void* context)
     if (!ctx) {
         return WH_ERROR_BADARGS;
     }
-    wolfSSL_free(ctx->ssl);
+    if (ctx->ssl) {
+        (void)wolfSSL_shutdown(ctx->ssl);
+        wolfSSL_free(ctx->ssl);
+    }
     ctx->ssl = NULL;
     wolfSSL_CTX_free(ctx->ssl_ctx);
     ctx->ssl_ctx = NULL;
@@ -304,9 +308,6 @@ int posixTransportTls_RecvRequest(void* context, uint16_t* out_size, void* data)
                     return WH_ERROR_NOTREADY;
 
                 default:
-                    /* Other error. Assume fatal. */
-                    close(ctx->listen_fd_p1 - 1);
-                    ctx->listen_fd_p1 = 0;
                     return WH_ERROR_ABORTED;
             }
         }
@@ -323,7 +324,10 @@ int posixTransportTls_RecvRequest(void* context, uint16_t* out_size, void* data)
         }
 
         /* Set the socket file descriptor */
-        wolfSSL_set_fd(ctx->ssl, ctx->accept_fd_p1 - 1);
+        rc = wolfSSL_set_fd(ctx->ssl, ctx->accept_fd_p1 - 1);
+        if (rc != WOLFSSL_SUCCESS) {
+            return WH_ERROR_ABORTED;
+        }
 
         /* Perform TLS handshake */
         rc = wolfSSL_accept(ctx->ssl);
@@ -333,8 +337,6 @@ int posixTransportTls_RecvRequest(void* context, uint16_t* out_size, void* data)
                 err == WOLFSSL_ERROR_WANT_WRITE) {
                 return WH_ERROR_NOTREADY;
             }
-            wolfSSL_free(ctx->ssl);
-            ctx->ssl = NULL;
             return WH_ERROR_ABORTED;
         }
 
@@ -356,9 +358,6 @@ int posixTransportTls_RecvRequest(void* context, uint16_t* out_size, void* data)
     }
     else {
         /* Connection closed */
-        wolfSSL_free(ctx->ssl);
-        ctx->ssl = NULL;
-        posixTransportTcp_CleanupListen((void*)&ctx->tcpCtx);
         return WH_ERROR_ABORTED;
     }
 #else
@@ -416,6 +415,7 @@ int posixTransportTls_CleanupListen(void* context)
     }
     /* Clean up SSL objects */
     if (ctx->ssl) {
+        (void)wolfSSL_shutdown(ctx->ssl);
         wolfSSL_free(ctx->ssl);
         ctx->ssl = NULL;
     }
