From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 1 Aug 2024 15:17:42 +0000 (+0200)
Subject: Do not falsely start the connection through SSL_pending()/_has_pending()
X-Git-Tag: openssl-3.4.0-alpha1~244
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b7f93c7fcb37c81b88895c3e8d22ad69c2576cd4;p=thirdparty%2Fopenssl.git

Do not falsely start the connection through SSL_pending()/_has_pending()

Fixes #25054

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25069)
---

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index c77230a19f0..8884cfb7f3f 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -2863,6 +2863,9 @@ static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
 
     quic_lock(ctx.qc);
 
+    if (!ctx.qc->started)
+        goto out;
+
     if (ctx.xso == NULL) {
         /* No XSO yet, but there might be a default XSO eligible to be created. */
         if (qc_wait_for_default_xso_for_read(&ctx, /*peek=*/1)) {