Loop on filtering SSL reads until we are blocked or exhausted.

This is not a perfect fix, but it's much much better than the
current buggy behavior, which could lead to filtering SSL
connections that just stopped reading.

Based on ideas by Maseeb Abdul Qadir and Mark Ellzey.

diff --git a/bufferevent_openssl.c b/bufferevent_openssl.c
index d703279c8164aeaed0d1bd299804f0ffa17ba30b..ea9d0d657c14ed02447f45fb3289b0d324aa6ead 100644 (file)
--- a/bufferevent_openssl.c
+++ b/bufferevent_openssl.c
@@ -781,6 +781,23 @@ consider_reading(struct bufferevent_openssl *bev_ssl)
                 * already been done, since OpenSSL went and read a
                 * whole SSL record anyway. */
                n_to_read = SSL_pending(bev_ssl->ssl);
+
+               /* XXX This if statement is actually a bad bug, added to avoid
+                * XXX a worse bug.
+                *
+                * The bad bug: It can potentially cause resource unfairness
+                * by reading too much data from the underlying bufferevent;
+                * it can potentially cause read looping if the underlying
+                * bufferevent is a bufferevent_pair and deferred callbacks
+                * aren't used.
+                *
+                * The worse bug: If we didn't do this, then we would
+                * potentially not read any more from bev_ssl->underlying
+                * until more data arrived there, which could lead to us
+                * waiting forever.
+                */
+               if (!n_to_read && bev_ssl->underlying)
+                       n_to_read = bytes_to_read(bev_ssl);
        }
 
        if (!bev_ssl->underlying) {