From ccc053b55f5de9872bc1a4999fd6aa85fc5e146d Mon Sep 17 00:00:00 2001
From: Flavia Rainone
Date: Tue, 28 Feb 2023 16:56:39 -0300
Subject: [PATCH] [UNDERTOW-2239] CVE-2023-1108 At SslConduit.wrapAndFlip, do not attempt to wrap if engine.isInboundDone()
Signed-off-by: Flavia Rainone
---
 core/src/main/java/io/undertow/protocols/ssl/SslConduit.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
index 44c7596c09..74b2af7f97 100644
--- a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
+++ b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
@@ -1004,7 +1004,8 @@ private synchronized long doWrap(ByteBuffer[] userBuffers, int off, int len) thr
 private SSLEngineResult wrapAndFlip(ByteBuffer[] userBuffers, int off, int len) throws IOException {
 SSLEngineResult result = null;
- while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW)) {
+ while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP
+ && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW && !engine.isInboundDone())) {
 if (userBuffers == null) {
 result = engine.wrap(EMPTY_BUFFER, wrappedData.getBuffer());
 } else {
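Review bot: The `wrapAndFlip` loop still ends only on state the engine reports, and the new `!engine.isInboundDone()` term has no comment saying why it is there, so a later tidy-up of the condition could silently bring back the failure the subject ties to CVE-2023-1108 (presumably a loop that never terminates). I would add a comment above the `while`, e.g. `// Stop wrapping once inbound is closed: NEED_WRAP may never clear and this loop would spin (UNDERTOW-2239)`. It may also be worth leaving the loop when `result.getStatus() == SSLEngineResult.Status.CLOSED`, since a closed result that still reports NEED_WRAP would presumably loop the same way; whether that state is reachable here cannot be told from the hunk. The diffstat shows only SslConduit.java changing, so a regression test covering a wrap attempt after the inbound side has closed would help keep the guard in place. The body of `wrapAndFlip` continues past the end of the hunk.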