From 214c533a13497d4001effba43ac5033ad93b4750 Mon Sep 17 00:00:00 2001
From: Dave Horton <daveh@beachdognet.com>
Date: Fri, 19 Jul 2024 16:26:01 -0400
Subject: [PATCH 1/2] 10 sequential reads of SSL should only cause us to bomb
 out if all returned zero bytes

---
 lib/roles/ws/ops-ws.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/roles/ws/ops-ws.c b/lib/roles/ws/ops-ws.c
index 85eb8de3a..7ae0749e3 100644
--- a/lib/roles/ws/ops-ws.c
+++ b/lib/roles/ws/ops-ws.c
@@ -942,6 +942,7 @@ lws_is_ws_with_ext(struct lws *wsi)
 #endif
 }
 
+#define SANITY_READS (10)
 static int
 rops_handle_POLLIN_ws(struct lws_context_per_thread *pt, struct lws *wsi,
 		       struct lws_pollfd *pollfd)
@@ -949,7 +950,7 @@ rops_handle_POLLIN_ws(struct lws_context_per_thread *pt, struct lws *wsi,
 	unsigned int pending = 0;
 	struct lws_tokens ebuf;
 	char buffered = 0;
-	int n = 0, m, sanity = 10;
+	int n = 0, m, sanity = SANITY_READS, zero_len_reads = 0;
 #if defined(LWS_WITH_HTTP2)
 	struct lws *wsi1;
 #endif
@@ -1193,6 +1194,7 @@ rops_handle_POLLIN_ws(struct lws_context_per_thread *pt, struct lws *wsi,
 				/* we closed wsi */
 				return LWS_HPI_RET_WSI_ALREADY_DIED;
 			}
+      if (n == 0) zero_len_reads++;
 			//lws_buflist_describe(&wsi->buflist, wsi, __func__);
 			//lwsl_notice("%s: consuming %d / %d\n", __func__, n, ebuf.len);
 			if (ebuf.len < 0 ||
@@ -1235,7 +1237,7 @@ rops_handle_POLLIN_ws(struct lws_context_per_thread *pt, struct lws *wsi,
 				// RX Extension needs to be drained before next read
 				n = lws_ws_rx_sm(wsi, ALREADY_PROCESSED_IGNORE_CHAR, 0);
 				if (n < 0) {
-					return LWS_HPI_RET_PLEASE_CLOSE_ME;
+					return zero_len_reads == SANITY_READS ? LWS_HPI_RET_PLEASE_CLOSE_ME : LWS_HPI_RET_HANDLED;
 				}
 			}
 #endif

From fc2aba60d1509f0958fcb72b66186b2f8c7a52e6 Mon Sep 17 00:00:00 2001
From: Dave Horton <daveh@beachdognet.com>
Date: Fri, 19 Jul 2024 16:35:52 -0400
Subject: [PATCH 2/2] fix prev commit

---
 lib/roles/ws/ops-ws.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/roles/ws/ops-ws.c b/lib/roles/ws/ops-ws.c
index 7ae0749e3..67092e338 100644
--- a/lib/roles/ws/ops-ws.c
+++ b/lib/roles/ws/ops-ws.c
@@ -1237,7 +1237,7 @@ rops_handle_POLLIN_ws(struct lws_context_per_thread *pt, struct lws *wsi,
 				// RX Extension needs to be drained before next read
 				n = lws_ws_rx_sm(wsi, ALREADY_PROCESSED_IGNORE_CHAR, 0);
 				if (n < 0) {
-					return zero_len_reads == SANITY_READS ? LWS_HPI_RET_PLEASE_CLOSE_ME : LWS_HPI_RET_HANDLED;
+					return LWS_HPI_RET_PLEASE_CLOSE_ME;
 				}
 			}
 #endif
@@ -1248,7 +1248,7 @@ rops_handle_POLLIN_ws(struct lws_context_per_thread *pt, struct lws *wsi,
 			 * Something has gone wrong, we are spinning...
 			 * let's bail on this connection
 			 */
-			return LWS_HPI_RET_PLEASE_CLOSE_ME;
+			return zero_len_reads == SANITY_READS ? LWS_HPI_RET_PLEASE_CLOSE_ME : LWS_HPI_RET_HANDLED;
 	}
 
 	if (buffered && /* were draining, now nothing left */