From: Hugo Landau <hlandau@openssl.org>
Date: Thu, 4 Apr 2024 11:33:37 +0000 (+0100)
Subject: QUIC APL: Ensure incoming stream data can be drained after connection closure
X-Git-Tag: openssl-3.5.0-alpha1~406
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=05e0eae2020edd9318eeb7e2e2360481e4dbae43;p=thirdparty%2Fopenssl.git

QUIC APL: Ensure incoming stream data can be drained after connection closure

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24037)
---

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 65a8fcd9b3d..62c421b06de 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -2922,11 +2922,6 @@ static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek
 
     qctx_lock_for_io(&ctx);
 
-    if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
-        ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
-        goto out;
-    }
-
     /* If we haven't finished the handshake, try to advance it. */
     if (quic_do_handshake(&ctx) < 1) {
         ret = 0; /* ossl_quic_do_handshake raised error here */
@@ -2958,8 +2953,13 @@ static int quic_read(SSL *s, void *buf, size_t len, size_t *bytes_read, int peek
          * Even though we succeeded, tick the reactor here to ensure we are
          * handling other aspects of the QUIC connection.
          */
-        qctx_maybe_autotick(&ctx);
+        if (quic_mutation_allowed(ctx.qc, /*req_active=*/0))
+            qctx_maybe_autotick(&ctx);
+
         ret = 1;
+    } else if (!quic_mutation_allowed(ctx.qc, /*req_active=*/0)) {
+        ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
+        goto out;
     } else if (qctx_blocking(&ctx)) {
         /*
          * We were not able to read anything immediately, so our stream