Correctly discard data after close_notify alert

ctz · ctz · commit 386b6fd2f957 · 2024-05-17T17:26:06.000Z
diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs
@@ -793,7 +793,8 @@ impl<Data> ConnectionCore<Data> {
             {
                 // "Any data received after a closure alert has been received MUST be ignored."
                 // -- <https://datatracker.ietf.org/doc/html/rfc8446#section-6.1>
-                discard = borrowed_buffer.filled().len();
+                // This is data that has already been accepted in `read_tls`.
+                discard += borrowed_buffer.filled().len();
                 break;
             }
         }
diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs
@@ -6390,6 +6390,7 @@ fn test_junk_after_close_notify_received() {
         .read_tls(&mut io::Cursor::new(&client_buffer[..]))
         .unwrap();
     server.process_new_packets().unwrap();
+    server.process_new_packets().unwrap(); // check for desync
 
     // can read data received prior to close_notify
     let mut received_data = [0u8; 128];

Original file line number	Diff line number	Diff line change
`@@ -793,7 +793,8 @@ impl<Data> ConnectionCore<Data> {`
`793`	`793`	`{`
`794`	`794`	`// "Any data received after a closure alert has been received MUST be ignored."`
`795`	`795`	`// -- <https://datatracker.ietf.org/doc/html/rfc8446#section-6.1>`
`796`		`- discard = borrowed_buffer.filled().len();`
	`796`	+ // This is data that has already been accepted in `read_tls`.
	`797`	`+ discard += borrowed_buffer.filled().len();`
`797`	`798`	`break;`
`798`	`799`	`}`
`799`	`800`	`}`