Skip to content

Commit 8e1c513

Browse files
Olivier Houchardcognet
authored andcommitted
BUG/MEDIUM: ssl: Don't free the early data buffer too early
When 0RTT is enabled, a temporary buffer for early data is used. We read from it first when the mux asks for data, and then we free it when it is empty, but that is not right, because maybe we have more early data to receive, and then we no longer have any buffer to store them, and that will eventually end up with the connection closed in error. To fix that, as long as we haven't received all the early data yet, just reset the buffer, instead of freeing it. This should fix github issue #3416 This should be backported up to 2.8.
1 parent 33c765f commit 8e1c513

1 file changed

Lines changed: 6 additions & 2 deletions

File tree

src/ssl_sock.c

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7092,8 +7092,12 @@ static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct bu
70927092
memcpy(b_tail(buf), b_head(&ctx->early_buf), try);
70937093
b_add(buf, try);
70947094
b_del(&ctx->early_buf, try);
7095-
if (b_data(&ctx->early_buf) == 0)
7096-
b_free(&ctx->early_buf);
7095+
if (b_data(&ctx->early_buf) == 0) {
7096+
if (!(ctx->conn->flags & CO_FL_EARLY_SSL_HS))
7097+
b_free(&ctx->early_buf);
7098+
else
7099+
b_reset(&ctx->early_buf);
7100+
}
70977101
TRACE_STATE("read early data", SSL_EV_CONN_RECV|SSL_EV_CONN_RECV_EARLY, conn, &try);
70987102
return try;
70997103
}

0 commit comments

Comments
 (0)