From 76241df7485d4437bb78c1accfae97ee71578473 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Sat, 18 Jul 2020 13:47:36 +0200
Subject: [PATCH] receive_encrypted_request(): Properly deal with pending data

... that has already been received and is thus invisible to
data_is_available().

Previously encrypted client requests that were too large
to be read with a single ssl_recv_data() call could be
rejected as invalid if all the data arrived quickly enough.

Apparently this happended frequently on gmail due to
large Cookies.

Reported by: Robert Klemme
Sponsored by: Robert Klemme
---
 jcc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/jcc.c b/jcc.c
index 6d91bd07..511b36be 100644
--- a/jcc.c
+++ b/jcc.c
@@ -2220,7 +2220,8 @@ static jb_err receive_encrypted_request(struct client_state *csp)
    do
    {
       log_error(LOG_LEVEL_HEADER, "Reading encrypted headers");
-      if (!data_is_available(csp->cfd, (int)csp->config->keep_alive_timeout))
+      if (!is_ssl_pending(&(csp->mbedtls_client_attr.ssl)) &&
+          !data_is_available(csp->cfd, (int)csp->config->keep_alive_timeout))
       {
          log_error(LOG_LEVEL_CONNECT,
             "Socket %d timed out while waiting for client headers", csp->cfd);
-- 
2.39.2