Update net/third_party/nss to NSS 3.15.4.

net/third_party/nss/ssl/ssl3gthr.c

 /*
  * Gather (Read) entire SSL3 records from socket into buffer.  
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "cert.h"
 #include "ssl.h"
 #include "sslimpl.h"
@@ skipping 307 matching lines @@
 
         if (handleRecordNow) {
             /* ssl3_HandleHandshake previously returned SECWouldBlock and the
              * as-yet-unprocessed plaintext of that previous handshake record.
              * We need to process it now before we overwrite it with the next
              * handshake record.
              */
             rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
         } else {
             /* bring in the next sslv3 record. */
+            if (ss->recvdCloseNotify) {
+                /* RFC 5246 Section 7.2.1:
+                 *   Any data received after a closure alert is ignored.
+                 */
+                return 0;
+            }
             if (!IS_DTLS(ss)) {
                 rv = ssl3_GatherData(ss, &ss->gs, flags);
             } else {
                 rv = dtls_GatherData(ss, &ss->gs, flags);
                 
                 /* If we got a would block error, that means that no data was
                  * available, so we check the timer to see if it's time to
                  * retransmit */
                 if (rv == SECFailure &&
                     (PORT_GetError() == PR_WOULD_BLOCK_ERROR)) {
@@ skipping 25 matching lines @@
                 cText.seq_num.high = 0; cText.seq_num.low = 0;
                 for (i = 0; i < 4; i++) {
                     cText.seq_num.high <<= 8; cText.seq_num.low <<= 8;
                     cText.seq_num.high |= ss->gs.hdr[3 + i];
                     cText.seq_num.low |= ss->gs.hdr[7 + i];
                 }
             }
 
             cText.buf     = &ss->gs.inbuf;
             rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf);
-
-            if (rv == (int) SECSuccess && ss->gs.buf.len > 0) {
-                /* We have application data to return to the application. This
-                 * prioritizes returning application data to the application over
-                 * completing any renegotiation handshake we may be doing.
-                 */
-                PORT_Assert(ss->firstHsDone);
-                PORT_Assert(cText.type == content_application_data);
-                break;
-            }
         }
         if (rv < 0) {
             return ss->recvdCloseNotify ? 0 : rv;
         }
+        if (ss->gs.buf.len > 0) {
+            /* We have application data to return to the application. This
+             * prioritizes returning application data to the application over
+             * completing any renegotiation handshake we may be doing.
+             */
+            PORT_Assert(ss->firstHsDone);
+            PORT_Assert(cText.type == content_application_data);
+            break;
+        }
 
         PORT_Assert(keepGoing);
         ssl_GetSSL3HandshakeLock(ss);
         if (ss->ssl3.hs.ws == idle_handshake) {
             /* We are done with the current handshake so stop trying to
              * handshake. Note that it would be safe to test ss->firstHsDone
              * instead of ss->ssl3.hs.ws. By testing ss->ssl3.hs.ws instead,
              * we prioritize completing a renegotiation handshake over sending
              * application data.
              */
@@ skipping 44 matching lines @@
     /* ssl3_GatherCompleteHandshake requires both of these locks. */
     PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
     PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
 
     do {
         rv = ssl3_GatherCompleteHandshake(ss, flags);
     } while (rv > 0 && ss->gs.buf.len == 0);
 
     return rv;
 }