when we get eof, stop the loop immidiately and do not
rely on the read to eventually return an error.
when convM2S() fails to decode the message, error out
and stop the loop. there is no point in continuing.
werrstr() takes a format string as its first argument.
a common error is to pass user controlled string buffers
into werrstr() that might contain format string escapes
causing werrstr() to take bogus arguments from the stack
and crash.
so instead of doing:
werrstr(buf);
we want todo:
werrstr("%s", buf);
or if we have a local ERRMAX sized buffer that we can override:
errstr(buf, sizeof buf);
- TLSconn structure on stack but not initialized (zeroed)
- original filedescriptor double closed in error case
- original filedescriptor leaked in success case
- leaked TLSconn.sessionID and TLSconn.cert
- clarify in pushtls(2) and pushssl(2)
