Reading pending TLS bytes can take us over at_most
In connection_read_to_buf(), after we fetch pending TLS bytes, we re-set 'result' to be the total number of bytes actually read. But later we do:
if (more_to_read && result == at_most) {
slack_in_buf = buf_slack(conn->inbuf);
at_most = more_to_read;
goto again;
}
That's not good; 'result' can also be >= at_most, which might also mean that we should try reading more, maybe.
Reported pseudonymously; the reporter attached this patch. Possibly backportable to 0.2.3.