exit even if not enough data

DeagleGross · DeagleGross · commit 058116345dad · 2025-04-23T22:21:45.000+02:00
diff --git a/src/Servers/Kestrel/Core/src/Middleware/TlsListenerMiddleware.cs b/src/Servers/Kestrel/Core/src/Middleware/TlsListenerMiddleware.cs
@@ -34,7 +34,7 @@ internal async Task OnTlsClientHelloAsync(ConnectionContext connection)
             {
                 // If the buffer length is less than 6 bytes (handshake + version + length + client-hello byte)
                 // and no more data is coming, we can't block in a loop here because we will not get more data
-                if (buffer.Length < 6 && result.IsCompleted)
+                if (result.IsCompleted && buffer.Length < 6)
                 {
                     break;
                 }
@@ -43,6 +43,13 @@ internal async Task OnTlsClientHelloAsync(ConnectionContext connection)
 
                 if (parseState == ClientHelloParseState.NotEnoughData)
                 {
+                    // if no data will be added, and we still lack enough bytes
+                    // we can't block in a loop, so just exit
+                    if (result.IsCompleted)
+                    {
+                        break;
+                    }
+
                     continue;
                 }
 
diff --git a/src/Servers/Kestrel/test/InMemory.FunctionalTests/TlsListenerMiddlewareTests.Units.cs b/src/Servers/Kestrel/test/InMemory.FunctionalTests/TlsListenerMiddlewareTests.Units.cs
@@ -480,6 +480,21 @@ public static IEnumerable<object[]> InvalidClientHelloData_Segmented()
         // not enough data - so incorrect
     };
 
+    private static byte[] invalid_9BytesMessage =
+    {
+        // 0x16 = Handshake
+        0x16,
+        // 0x0301 = TLS 1.0
+        0x03, 0x01,
+        // length = 0x0020 (32 bytes)
+        0x00, 0x20,
+        // Handshake.msg_type (client hello)
+        0x01,
+        // should have 31 bytes (zeros for simplicity)
+        0, 0, 0
+        // no other data here - incorrect
+    };
+
     private static byte[] invalid_UnknownProtocolVersion1 =
     {
         // Handshake
@@ -529,6 +544,7 @@ public static IEnumerable<object[]> InvalidClientHelloData_Segmented()
 
     private static List<byte[]> invalid_collection = new List<byte[]>()
     {
-        invalid_TlsClientHelloHeader, invalid_3BytesMessage, invalid_UnknownProtocolVersion1, invalid_UnknownProtocolVersion2, invalid_IncorrectHandshakeMessageType
+        invalid_TlsClientHelloHeader, invalid_3BytesMessage, invalid_9BytesMessage,
+        invalid_UnknownProtocolVersion1, invalid_UnknownProtocolVersion2, invalid_IncorrectHandshakeMessageType
     };
 }

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ internal async Task OnTlsClientHelloAsync(ConnectionContext connection)`
`34`	`34`	`{`
`35`	`35`	`// If the buffer length is less than 6 bytes (handshake + version + length + client-hello byte)`
`36`	`36`	`// and no more data is coming, we can't block in a loop here because we will not get more data`
`37`		`- if (buffer.Length < 6 && result.IsCompleted)`
	`37`	`+ if (result.IsCompleted && buffer.Length < 6)`
`38`	`38`	`{`
`39`	`39`	`break;`
`40`	`40`	`}`
`@@ -43,6 +43,13 @@ internal async Task OnTlsClientHelloAsync(ConnectionContext connection)`
`43`	`43`
`44`	`44`	`if (parseState == ClientHelloParseState.NotEnoughData)`
`45`	`45`	`{`
	`46`	`+ // if no data will be added, and we still lack enough bytes`
	`47`	`+ // we can't block in a loop, so just exit`
	`48`	`+ if (result.IsCompleted)`
	`49`	`+ {`
	`50`	`+ break;`
	`51`	`+ }`
	`52`	`+`
`46`	`53`	`continue;`
`47`	`54`	`}`
`48`	`55`