From: Matt Caswell <matt@openssl.org>
Date: Tue, 29 May 2018 15:09:02 +0000 (+0100)
Subject: Don't call setsockopt with an invalid fd
X-Git-Tag: OpenSSL_1_1_1-pre8~98
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=5f49783c12e9e6100075e50fe727ee2d5cc30445

Don't call setsockopt with an invalid fd

This is probably a "should not happen" scenario, but better check anyway.
Found by Coverity.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6373)
---

diff --git a/apps/s_time.c b/apps/s_time.c
index 5688f4f5fb..82d40a5a51 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -389,11 +389,14 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
 #if defined(SOL_SOCKET) && defined(SO_LINGER)
     {
         struct linger no_linger;
+        int fd;
 
         no_linger.l_onoff  = 1;
         no_linger.l_linger = 0;
-        (void) setsockopt(SSL_get_fd(serverCon), SOL_SOCKET, SO_LINGER,
-                          (char*)&no_linger, sizeof(no_linger));
+        fd = SSL_get_fd(serverCon);
+        if (fd >= 0)
+            (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger,
+                             sizeof(no_linger));
     }
 #endif