From: Fabian Keil <fk@fabiankeil.de>
Date: Sat, 18 Jul 2020 11:47:36 +0000 (+0200)
Subject: receive_encrypted_request(): Properly deal with pending data
X-Git-Tag: v_3_0_29~266
X-Git-Url: http://www.privoxy.org/gitweb/@default-cgi@/faq/%22https:/developer-manual/@default-cgi@show-url-info?a=commitdiff_plain;h=76241df7485d4437bb78c1accfae97ee71578473;p=privoxy.git

receive_encrypted_request(): Properly deal with pending data

... that has already been received and is thus invisible to
data_is_available().

Previously encrypted client requests that were too large
to be read with a single ssl_recv_data() call could be
rejected as invalid if all the data arrived quickly enough.

Apparently this happened frequently on gmail due to
large Cookies.

Reported by: Robert Klemme
Sponsored by: Robert Klemme
---

diff --git a/jcc.c b/jcc.c
index 6d91bd07..511b36be 100644
--- a/jcc.c
+++ b/jcc.c
@@ -2220,7 +2220,8 @@ static jb_err receive_encrypted_request(struct client_state *csp)
    do
    {
       log_error(LOG_LEVEL_HEADER, "Reading encrypted headers");
-      if (!data_is_available(csp->cfd, (int)csp->config->keep_alive_timeout))
+      if (!is_ssl_pending(&(csp->mbedtls_client_attr.ssl)) &&
+          !data_is_available(csp->cfd, (int)csp->config->keep_alive_timeout))
       {
          log_error(LOG_LEVEL_CONNECT,
             "Socket %d timed out while waiting for client headers", csp->cfd);