From 8b32b2682807cd453d0fa99d5af6c0fadf7fadba Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 7 Oct 2017 19:43:17 +0900
Subject: [PATCH] wintls: Potential fix for undecrypted read

---
 src/WinTLSSession.cc | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/src/WinTLSSession.cc b/src/WinTLSSession.cc
index 78a919a77..eba81ce86 100644
--- a/src/WinTLSSession.cc
+++ b/src/WinTLSSession.cc
@@ -514,18 +514,14 @@ ssize_t WinTLSSession::readData(void* data, size_t len)
       return TLS_ERR_ERROR;
     }
 
-    // Decrypted message successfully.
-    bool ate = false;
-    for (auto& buf : bufs) {
-      if (buf.BufferType == SECBUFFER_DATA && buf.cbBuffer > 0) {
-        decBuf_.write(buf.pvBuffer, buf.cbBuffer);
-      }
-      else if (buf.BufferType == SECBUFFER_EXTRA && buf.cbBuffer > 0) {
-        readBuf_.eat(readBuf_.size() - buf.cbBuffer);
-        ate = true;
-      }
+    // Decrypted message successfully.  Inspired from curl schannel.c.
+    if (bufs[1].BufferType == SECBUFFER_DATA && bufs[1].cbBuffer > 0) {
+      decBuf_.write(bufs[1].pvBuffer, bufs[1].cbBuffer);
     }
-    if (!ate) {
+    if (bufs[3].BufferType == SECBUFFER_EXTRA && bufs[3].cbBuffer > 0) {
+      readBuf_.eat(readBuf_.size() - bufs[3].cbBuffer);
+    }
+    else {
       readBuf_.clear();
     }