Merge pull request #1453 from fl4via/UNDERTOW-2239

[UNDERTOW-2239] CVE-2023-1108 At SslConduit.wrapAndFlip, do not attem…
undertow-io · Mar 25, 2023 · 1b76306 · 1b76306
2 parents c91fe12 + ccc053b
commit 1b76306
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
@@ -1004,7 +1004,8 @@ private synchronized long doWrap(ByteBuffer[] userBuffers, int off, int len) thr
 
     private SSLEngineResult wrapAndFlip(ByteBuffer[] userBuffers, int off, int len) throws IOException {
         SSLEngineResult result = null;
-        while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW)) {
+        while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP
+                && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW && !engine.isInboundDone())) {
             if (userBuffers == null) {
                 result = engine.wrap(EMPTY_BUFFER, wrappedData.getBuffer());
             } else {