author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2020-04-13 12:15:53 -0400 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-05-08 19:38:42 +0000 |
commit | f9ae69de6204289abc1702ba359fcd9b0387572c (patch) | |
tree | 29af55dc73619786c9b0705a0fd554d2cb0447ad | |
parent | 53f640abde82c6e3f19db2824350000615065fbe (diff) | |
download | mongo-f9ae69de6204289abc1702ba359fcd9b0387572c.tar.gz |
SERVER-47373 Improve handling of empty TLS packets
(cherry picked from commit b0b768dfb4d7957817f5e06920d081a46a3debe9)
-rw-r--r-- | src/mongo/util/net/ssl/detail/impl/schannel.ipp | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/src/mongo/util/net/ssl/detail/impl/schannel.ipp b/src/mongo/util/net/ssl/detail/impl/schannel.ipp
index 0fcbf547c39..212990903b2 100644
--- a/src/mongo/util/net/ssl/detail/impl/schannel.ipp
+++ b/src/mongo/util/net/ssl/detail/impl/schannel.ipp
@@ -250,8 +250,15 @@ ssl_want SSLHandshakeManager::startShutdown(asio::error_code& ec) {
 return ssl_want::want_nothing;
 }
- // TODO - I have not found a way to hit this code path
- ASIO_ASSERT(false);
+ _pOutBuffer->reset();
+ _pOutBuffer->append(outputBuffers[0].pvBuffer, outputBuffers[0].cbBuffer);
+
+ if (SEC_E_OK == ss && outputBuffers[0].cbBuffer != 0) {
+ ec = asio::error::eof;
+ return ssl_want::want_output;
+ } else {
+ return ssl_want::want_nothing;
+ }
 }
 return ssl_want::want_nothing;
@@ -638,6 +645,10 @@ ssl_want SSLReadManager::decryptBuffer(asio::error_code& ec, DecryptState* pDecr
 return ssl_want::want_nothing;
 } else {
+ // Clear the existing TLS packet from the input buffer since it was completely empty
+ // and we have already processed any extra data.
+ _pInBuffer->reset();
+
 // Sigh, this means that the remote side sent us an TLS record with just a encryption
 // header/trailer but no actual data.
 // |
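Review bot: In `startShutdown`, `_pOutBuffer->reset()` and `append()` run before the `SEC_E_OK == ss && outputBuffers[0].cbBuffer != 0` test, so the `else` path returns `ssl_want::want_nothing` with the output buffer already overwritten and `ec` left as it was. If a status other than `SEC_E_OK` can reach this point with a non-empty token, that token is copied but never requested to be sent; the earlier status handling is outside the hunk, so this may already be excluded. Consider moving the two buffer calls inside the `if`, or adding a comment such as `// only SEC_E_OK with a non-empty token needs flushing; other statuses were handled above`. A short comment on why `ec = asio::error::eof` is set together with `want_output` would also help the next reader.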
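Review bot: The new `_pInBuffer->reset()` in `decryptBuffer` discards each empty record, but nothing visible in the hunk limits how many consecutive empty records a peer may send, so a remote side can keep the reader busy decrypting records that carry no data. A small counter of consecutive empty records, cleared when a record with data is decrypted and turned into an error past a fixed limit, would bound that work; the rest of the `else` branch is outside the hunk, so such a limit may already exist further down. The reset also depends on the preceding branch having consumed any trailing bytes, as the added comment says, and checking that condition in code rather than only stating it in prose would catch a regression.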