From 2985a6018f1123b8843023f09d004f477f59a009 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 29 Jan 2020 08:49:01 -0500
Subject: [PATCH] buf_read_from_tls: Return ERROR_MISC, not WANTWRITE, on
 BUG().

Fixes bug 32673; bugfix on 0.3.0.4-alpha.  We introduced these
checks in ee5471f9aab5526 to help diagnose 21369, but we used "-1"
when "TOR_TLS_ERROR_MISC" would have been correct.  Found by opara.

I don't think that this is actually getting triggered in the wild,
but if it were, it could cause nasty behavior: spurious
WANTREAD/WANTWRITE returns have a way of turning into CPU-eating
busy-loops.
---
 changes/bug32673          | 5 +++++
 src/lib/tls/buffers_tls.c | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 changes/bug32673

diff --git a/changes/bug32673 b/changes/bug32673
new file mode 100644
index 0000000000..32f02c6393
--- /dev/null
+++ b/changes/bug32673
@@ -0,0 +1,5 @@
+  o Minor bugfixes (TLS bug handling):
+    - When encountering a bug in buf_read_freom_tls(), return a
+      "MISC" error code rather than "WANTWRITE".  This change might
+      help avoid some CPU-wasting loops if the bug is ever triggered.
+      Bug reported by opara.    Fixes bug 32673; bugfix on 0.3.0.4-alpha.
diff --git a/src/lib/tls/buffers_tls.c b/src/lib/tls/buffers_tls.c
index e92cb9163f..52be78811d 100644
--- a/src/lib/tls/buffers_tls.c
+++ b/src/lib/tls/buffers_tls.c
@@ -69,9 +69,9 @@ buf_read_from_tls(buf_t *buf, tor_tls_t *tls, size_t at_most)
   check_no_tls_errors();
 
   IF_BUG_ONCE(buf->datalen >= INT_MAX)
-    return -1;
+    return TOR_TLS_ERROR_MISC;
   IF_BUG_ONCE(buf->datalen >= INT_MAX - at_most)
-    return -1;
+    return TOR_TLS_ERROR_MISC;
 
   while (at_most > total_read) {
     size_t readlen = at_most - total_read;