From c2fa72027c8cd860a76e243f2735c57960a1b250 Mon Sep 17 00:00:00 2001
From: Artem Boldariev <artem@boldariev.com>
Date: Fri, 29 Jul 2022 19:33:25 +0300
Subject: [PATCH] TLS: do not ignore readpaused flag in certain circumstances

In some circumstances generic TLS code could have resumed data reading
unexpectedly on the TCP layer code. Due to this, the behaviour of
isc_nm_pauseread() and isc_nm_resumeread() might have been
unexpected. This commit fixes that.

The bug does not seems to have real consequences in the existing code
due to the way the code is used. However, the bug could have lead to
unexpected behaviour and, at any rate, makes the TLS code behave
differently from the TCP code, with which it attempts to be as
compatible as possible.

(cherry picked from commit ec0647d546204a0e09aeaf0e2aabb37f1fb67dd0)
---
 lib/isc/netmgr/tlsstream.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index ef3f70fc42..acfab53cbb 100644
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -493,6 +493,13 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 				if (sock->statichandle == NULL) {
 					finish = true;
 					break;
+				} else if (atomic_load(&sock->readpaused)) {
+					/*
+					 * Reading has been paused from withing
+					 * the context of read callback - stop
+					 * processing incoming data.
+					 */
+					break;
 				}
 			}
 		}
@@ -543,11 +550,9 @@ tls_do_bio(isc_nmsocket_t *sock, isc_region_t *received_data,
 		}
 		return;
 	case SSL_ERROR_WANT_READ:
-		if (tls_try_to_close_unused_socket(sock)) {
-			return;
-		}
-
-		if (sock->outerhandle == NULL) {
+		if (tls_try_to_close_unused_socket(sock) ||
+		    sock->outerhandle == NULL || atomic_load(&sock->readpaused))
+		{
 			return;
 		}