From 32565d0d651330f39802c51c2a98c0493d39350d Mon Sep 17 00:00:00 2001
From: Artem Boldariev <artem@boldariev.com>
Date: Fri, 29 Jul 2022 19:33:25 +0300
Subject: [PATCH] TLS: do not ignore readpaused flag in certain circumstances

In some circumstances generic TLS code could have resumed data reading
unexpectedly on the TCP layer code. Due to this, the behaviour of
isc_nm_pauseread() and isc_nm_resumeread() might have been
unexpected. This commit fixes that.

The bug does not seems to have real consequences in the existing code
due to the way the code is used. However, the bug could have lead to
unexpected behaviour and, at any rate, makes the TLS code behave
differently from the TCP code, with which it attempts to be as
compatible as possible.
---
 lib/isc/netmgr/tlsstream.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index e34e74cc46..01a8f65aaa 100644
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -492,6 +492,13 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 				if (sock->statichandle == NULL) {
 					finish = true;
 					break;
+				} else if (atomic_load(&sock->readpaused)) {
+					/*
+					 * Reading has been paused from withing
+					 * the context of read callback - stop
+					 * processing incoming data.
+					 */
+					break;
 				}
 			}
 		}
@@ -542,11 +549,9 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 		}
 		return;
 	case SSL_ERROR_WANT_READ:
-		if (tls_try_to_close_unused_socket(sock)) {
-			return;
-		}
-
-		if (sock->outerhandle == NULL) {
+		if (tls_try_to_close_unused_socket(sock) ||
+		    sock->outerhandle == NULL || atomic_load(&sock->readpaused))
+		{
 			return;
 		}