receive_encrypted_request(): Properly deal with pending data
author Fabian Keil <fk@fabiankeil.de>
Sat, 18 Jul 2020 11:47:36 +0000 (13:47 +0200)
committer Fabian Keil <fk@fabiankeil.de>
Sat, 18 Jul 2020 13:37:24 +0000 (15:37 +0200)
... that has already been received and is thus invisible to
data_is_available().

Previously encrypted client requests that were too large
to be read with a single ssl_recv_data() call could be
rejected as invalid if all the data arrived quickly enough.

Apparently this happened frequently on gmail due to
large Cookies.

Reported by: Robert Klemme
Sponsored by: Robert Klemme

jcc.c

diff --git a/jcc.c b/jcc.c
index 6d91bd0..511b36b 100644 (file)
--- a/jcc.c
+++ b/jcc.c
@@ -2220,7 +2220,8 @@ static jb_err receive_encrypted_request(struct client_state *csp)
    do
    {
       log_error(LOG_LEVEL_HEADER, "Reading encrypted headers");
-      if (!data_is_available(csp->cfd, (int)csp->config->keep_alive_timeout))
+      if (!is_ssl_pending(&(csp->mbedtls_client_attr.ssl)) &&
+          !data_is_available(csp->cfd, (int)csp->config->keep_alive_timeout))
       {
          log_error(LOG_LEVEL_CONNECT,
             "Socket %d timed out while waiting for client headers", csp->cfd);
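
Review bot: The two-part condition in the added `if` only works because `is_ssl_pending()` is evaluated before `data_is_available()`, and nothing in the code says so. A short comment above the `if` would help: it should note that data already received is invisible to the socket-level check, and that the pending test has to stay first so the short-circuit skips the wait of up to `keep_alive_timeout`. That would keep a later cleanup from reordering or dropping the test. Separately, passing `&(csp->mbedtls_client_attr.ssl)` here ties this call site to the mbedTLS client state; a small helper that takes `csp` would keep that detail out of jcc.c.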