From: Patrick Monnerat <patrick@monnerat.net>
Date: Thu, 5 Jan 2023 03:22:14 +0000 (+0100)
Subject: nss: implement data_pending method
X-Git-Tag: curl-7_88_0~158
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ee0f73919a5fe30a65277c80974c892da5c4f2f4;p=thirdparty%2Fcurl.git

nss: implement data_pending method

NSS currently uses the default Curl_none_data_pending() method which
always returns false, causing TLS buffered input data to be missed.

The current commit implements the nss_data_pending() method that properly
monitors the presence of available TLS data.

Ref:#10077

Closes #10225
---

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 061cf77c84..6cae7b8f35 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -2404,6 +2404,19 @@ static ssize_t nss_send(struct Curl_cfilter *cf,
   return rc; /* number of bytes */
 }
 
+static bool
+nss_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data)
+{
+  struct ssl_connect_data *connssl = cf->ctx;
+  PRFileDesc *fd = connssl->backend->handle->lower;
+  char buf;
+
+  (void) data;
+
+  /* Returns true in case of error to force reading. */
+  return PR_Recv(fd, (void *) &buf, 1, PR_MSG_PEEK, PR_INTERVAL_NO_WAIT) != 0;
+}
+
 static ssize_t nss_recv(struct Curl_cfilter *cf,
                         struct Curl_easy *data,    /* transfer */
                         char *buf,             /* store read data here */
@@ -2554,7 +2567,7 @@ const struct Curl_ssl Curl_ssl_nss = {
   nss_check_cxn,                /* check_cxn */
   /* NSS has no shutdown function provided and thus always fail */
   Curl_none_shutdown,           /* shutdown */
-  Curl_none_data_pending,       /* data_pending */
+  nss_data_pending,             /* data_pending */
   nss_random,                   /* random */
   nss_cert_status_request,      /* cert_status_request */
   nss_connect,                  /* connect */