undertow/CVE-2023-1108.patch

From b98b55c993e3163e22121935f826adc8c4025c86 Mon Sep 17 00:00:00 2001
From: mayp <mayanping@ncti-gba.cn>
Date: Mon, 3 Apr 2023 18:02:05 +0800
Subject: [PATCH] Fix CVE-2023-1108

---
 core/src/main/java/io/undertow/protocols/ssl/SslConduit.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
index 3084915..dde0e0c 100644
--- a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
+++ b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
@@ -852,7 +852,7 @@ public class SslConduit implements StreamSourceConduit, StreamSinkConduit {
         }
         try {
             SSLEngineResult result = null;
-            while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW)) {
+            while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW && !engine.isInboundDone())) {
                 if (userBuffers == null) {
                     result = engine.wrap(EMPTY_BUFFER, wrappedData.getBuffer());
                 } else {
-- 
2.36.1
Fix CVE-2023-1108 (cherry picked from commit c5b24f21b91099ae8ce406eed9aa12986c5df06c) 2023-04-03 18:50:35 +08:00			`From b98b55c993e3163e22121935f826adc8c4025c86 Mon Sep 17 00:00:00 2001`
			`From: mayp <mayanping@ncti-gba.cn>`
			`Date: Mon, 3 Apr 2023 18:02:05 +0800`
			`Subject: [PATCH] Fix CVE-2023-1108`

			`---`
			`core/src/main/java/io/undertow/protocols/ssl/SslConduit.java \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java`
			`index 3084915..dde0e0c 100644`
			`--- a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java`
			`+++ b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java`
			`@@ -852,7 +852,7 @@ public class SslConduit implements StreamSourceConduit, StreamSinkConduit {`
			`}`
			`try {`
			`SSLEngineResult result = null;`
			`- while (result == null \|\| (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW)) {`
			`+ while (result == null \|\| (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW && !engine.isInboundDone())) {`
			`if (userBuffers == null) {`
			`result = engine.wrap(EMPTY_BUFFER, wrappedData.getBuffer());`
			`} else {`
			`--`
			`2.36.1`