mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-05 04:56:10 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic: avoid leaking post handshake frames

Browse Source 
This bug came with this commit:
	f627b92 BUG/MEDIUM: quic: always validate sender address on 0-RTT
If an error happens in quic_build_post_handshake_frames() during the
code exexuted for th NEW_TOKEN frame allocation, some could leak because
of the wrong label used to interrupt this function asap.
Replace the "goto leave" by "goto err" to deallocated such frames to fix
this issue.

Must be backported as far as 2.9.
This commit is contained in:
Frederic Lecaille 2024-10-17 07:38:14 +02:00
parent e7be13da87
commit 19aa320f64
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/quic_conn.c
View File

@ -462,7 +462,7 @@ int quic_stateless_reset_token_cpy(unsigned char *pos, size_t len,
*/
int quic_build_post_handshake_frames(struct quic_conn *qc)
{
int ret = 0, max;
int ret = 0, max = 0;
struct quic_enc_level *qel;
struct quic_frame *frm, *frmbak;
struct list frm_list = LIST_HEAD_INIT(frm_list);
@ -488,7 +488,7 @@ int quic_build_post_handshake_frames(struct quic_conn *qc)
frm = qc_frm_alloc(QUIC_FT_NEW_TOKEN);
if (!frm) {
TRACE_ERROR("frame allocation error", QUIC_EV_CONN_IO_CB, qc);
goto leave;
goto err;
}
new_token_frm_len =
@ -496,7 +496,7 @@ int quic_build_post_handshake_frames(struct quic_conn *qc)
sizeof(frm->new_token.data), &qc->peer_addr);
if (!new_token_frm_len) {
TRACE_ERROR("token generation failed", QUIC_EV_CONN_IO_CB, qc);
goto leave;
goto err;
}
BUG_ON(new_token_frm_len != sizeof(frm->new_token.data));