From ed3918023e9cb56cd8b5aee0647135d4088a65b0 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 29 May 2020 17:54:58 +0000
Subject: Handle the case where we receive a valid 0 byte application data
 record.

In this situation we cannot return zero bytes, as that signals EOF. Rather
we need to return TLS13_IO_WANT_POLLIN so tell the caller to call us again,
at which point we'll pull up the next record.

ok tb@
---
 src/lib/libssl/tls13_record_layer.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index 70c440fee0..5e6f8e1e5b 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.46 2020/05/26 16:54:50 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.47 2020/05/29 17:54:58 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -888,6 +888,15 @@ tls13_record_layer_read_internal(struct tls13_record_layer *rl,
 	if (CBS_len(&rl->rbuf_cbs) == 0) {
 		if ((ret = tls13_record_layer_read_record(rl)) <= 0)
 			return ret;
+
+		/*
+		 * We may have read a valid 0-byte application data record,
+		 * in which case we need to read the next record.
+		 */
+		if (CBS_len(&rl->rbuf_cbs) == 0) {
+			tls13_record_layer_rbuf_free(rl);
+			return TLS13_IO_WANT_POLLIN;
+		}
 	}
 
 	/*
-- 
cgit v1.2.3-55-g6feb