From b98b55c993e3163e22121935f826adc8c4025c86 Mon Sep 17 00:00:00 2001
From: mayp <mayanping@ncti-gba.cn>
Date: Mon, 3 Apr 2023 18:02:05 +0800
Subject: [PATCH] Fix CVE-2023-1108

---
 core/src/main/java/io/undertow/protocols/ssl/SslConduit.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
index 3084915..dde0e0c 100644
--- a/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
+++ b/core/src/main/java/io/undertow/protocols/ssl/SslConduit.java
@@ -852,7 +852,7 @@ public class SslConduit implements StreamSourceConduit, StreamSinkConduit {
         }
         try {
             SSLEngineResult result = null;
-            while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW)) {
+            while (result == null || (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP && result.getStatus() != SSLEngineResult.Status.BUFFER_OVERFLOW && !engine.isInboundDone())) {
                 if (userBuffers == null) {
                     result = engine.wrap(EMPTY_BUFFER, wrappedData.getBuffer());
                 } else {
-- 
2.36.1