From ba76a06f5677e7de556781a4c06cc947f392e0c5 Mon Sep 17 00:00:00 2001
From: Yakov Olkhovskiy <yakov@clickhouse.com>
Date: Fri, 14 Jun 2024 01:35:08 +0000
Subject: [PATCH] potentially very serious bug is fixed for secure socket

---
 src/IO/ReadBufferFromPocoSocket.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/IO/ReadBufferFromPocoSocket.cpp b/src/IO/ReadBufferFromPocoSocket.cpp
index af58efc7e10..6361fed01dd 100644
--- a/src/IO/ReadBufferFromPocoSocket.cpp
+++ b/src/IO/ReadBufferFromPocoSocket.cpp
@@ -134,11 +134,14 @@ ReadBufferFromPocoSocketBase::ReadBufferFromPocoSocketBase(Poco::Net::Socket & s
 
 bool ReadBufferFromPocoSocketBase::poll(size_t timeout_microseconds) const
 {
-    if (available())
+    /// For secure socket it is important to check if any remaining data available in underlying decryption buffer -
+    /// read always retrives the whole encrypted frame from the wire and puts it into underlying buffer while returning only requested size -
+    /// further poll() can block though there is still data to read in the underlying decryption buffer.
+    if (available() || socket.impl()->available())
         return true;
 
     Stopwatch watch;
-    bool res = socket.poll(timeout_microseconds, Poco::Net::Socket::SELECT_READ | Poco::Net::Socket::SELECT_ERROR);
+    bool res = socket.impl()->poll(timeout_microseconds, Poco::Net::Socket::SELECT_READ | Poco::Net::Socket::SELECT_ERROR);
     ProfileEvents::increment(ProfileEvents::NetworkReceiveElapsedMicroseconds, watch.elapsedMicroseconds());
     return res;
 }