rustls: only return CURLE_AGAIN when TLS session is fully drained

The code in cr_recv was returning prematurely as soon as the socket
reported no more data to read. However, this could be leaving some
unread plaintext data in the rustls session from a previous call,
causing causing the transfer to hang if the socket never receives
further data.

We need to ensure that the session is fully drained of plaintext data
before returning CURLE_AGAIN to the caller.

Reviewed-by: Jacob Hoffman-Andrews
Closes #6894

1 files changed, 8 insertions, 5 deletions

diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index e4f589de5..c12794af5 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -119,18 +119,21 @@ cr_recv(struct Curl_easy *data, int sockindex,
   else if(tls_bytes_read < 0) {
     if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
       infof(data, "sread: EAGAIN or EWOULDBLOCK\n");
-      *err = CURLE_AGAIN;
+      /* There is no data in the socket right now, but there could still be
+         some data in the rustls session, so we need to read from it below. */
+      tls_bytes_read = 0;
+    }
+    else {
+      failf(data, "reading from socket: %s", strerror(SOCKERRNO));
+      *err = CURLE_READ_ERROR;
       return -1;
     }
-    failf(data, "reading from socket: %s", strerror(SOCKERRNO));
-    *err = CURLE_READ_ERROR;
-    return -1;
   }
 
   /*
   * Now pull those bytes from the buffer into ClientSession.
   */
-  DEBUGASSERT(tls_bytes_read > 0);
+  DEBUGASSERT(tls_bytes_read >= 0);
   while(tls_bytes_processed < (size_t)tls_bytes_read) {
     rresult = rustls_client_session_read_tls(session,
       backend->tlsbuf + tls_bytes_processed,