From: Matt Caswell <matt@openssl.org>
Date: Thu, 27 Jul 2023 14:30:17 +0000 (+0100)
Subject: Ensure SSL_has_pending() always works even before a connection
X-Git-Tag: openssl-3.2.0-alpha1~330
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c31f06120fa8411da3cd779dfe881325204745ac;p=thirdparty%2Fopenssl.git

Ensure SSL_has_pending() always works even before a connection

s_client calls SSL_has_pending() even before the connection has been
established. We expect it to return 0 in this case and not put any errors
on the stack.

We change things so that SSL_has_pending() always returns 0 if there is
no stream available.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21578)
---

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index f6bd738793f..1e983e3fc08 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -2372,9 +2372,15 @@ static size_t ossl_quic_pending_int(const SSL *s, int check_channel)
     size_t avail = 0;
     int fin = 0;
 
-    if (!expect_quic_with_stream_lock(s, /*remote_init=*/-1, &ctx))
+
+    if (!expect_quic(s, &ctx))
         return 0;
 
+    quic_lock(ctx.qc);
+
+    if (ctx.xso == NULL)
+        goto out;
+
     if (ctx.xso->stream == NULL
         || !ossl_quic_stream_has_recv_buffer(ctx.xso->stream))
         /* Cannot raise errors here because we are const, just fail. */