From e21fa577dde32849fdaa744f30ad3b23d63b7214 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
Date: Thu, 5 Sep 2019 09:40:09 +0200
Subject: Schannel: retain extra data after renegotiation is requested

I realized this is a potential scenario where we will have leftover
data, but it wasn't covered.

Change-Id: Ibaf1015bf2aee120e4a4d98888925b88ecb6ddfd
Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
---
 src/network/ssl/qsslsocket_schannel.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/network/ssl')

diff --git a/src/network/ssl/qsslsocket_schannel.cpp b/src/network/ssl/qsslsocket_schannel.cpp
index c5ba823832..88f66ac4ea 100644
--- a/src/network/ssl/qsslsocket_schannel.cpp
+++ b/src/network/ssl/qsslsocket_schannel.cpp
@@ -1360,6 +1360,18 @@ void QSslSocketBackendPrivate::transmit()
 #endif
                 schannelState = SchannelState::Renegotiate;
                 renegotiating = true;
+
+                if (dataBuffer[3].BufferType == SECBUFFER_EXTRA) {
+                    // https://docs.microsoft.com/en-us/windows/desktop/secauthn/extra-buffers-returned-by-schannel
+                    // dataBuffer[3].cbBuffer indicates the amount of bytes _NOT_ processed,
+                    // the rest need to be stored.
+#ifdef QSSLSOCKET_DEBUG
+                    qCDebug(lcSsl) << "We've got excess data, moving it to the intermediate buffer:"
+                                   << dataBuffer[3].cbBuffer << "bytes";
+#endif
+                    intermediateBuffer = ciphertext.right(int(dataBuffer[3].cbBuffer));
+                }
+
                 // We need to call 'continueHandshake' or else there's no guarantee it ever gets called
                 continueHandshake();
                 break;
-- 
cgit v1.2.3