MINOR: quic: Release asap the negotiated Initial TLS context.

This context may be released at the same time as the Initial TLS context. This is done calling quic_tls_ctx_secs_free() and pool_free() in two code locations. Implement quic_nictx_free() to do that.
2026-01-23 19:11:14 +01:00 · 2023-07-04 11:09:25 +02:00 · 2023-07-04 11:09:25 +02:00 · 2b8510d722
commit 2b8510d722
parent 90a63ae4fa
2 changed files with 14 additions and 0 deletions
--- a/include/haproxy/quic_tls.h
+++ b/include/haproxy/quic_tls.h
@ -757,6 +757,16 @@ static inline int quic_tls_secrets_keys_alloc(struct quic_tls_secrets *secs)
 	return 0;
 }

+/* Release the memory allocated for the negotiated Initial QUIC TLS context
+ * attached to <qc> connection.
+ */
+static inline void quic_nictx_free(struct quic_conn *qc)
+{
+	quic_tls_ctx_secs_free(qc->nictx);
+	pool_free(pool_head_quic_tls_ctx, qc->nictx);
+	qc->nictx = NULL;
+}
+
 /* Initialize a TLS cryptographic context for the Initial encryption level. */
 static inline int quic_initial_tls_ctx_init(struct quic_tls_ctx *ctx)
 {
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@ -3356,6 +3356,8 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
 				qc_set_timer(qc);
 				qc_el_rx_pkts_del(qc->iel);
 				qc_release_pktns_frms(qc, qc->ipktns);
+				/* Also release the negotiated Inital TLS context. */
+				quic_nictx_free(qc);
 			}
 		    if (qc->state < QUIC_HS_ST_SERVER_HANDSHAKE)
 			    qc->state = QUIC_HS_ST_SERVER_HANDSHAKE;
@ -5221,6 +5223,8 @@ struct task *quic_conn_io_cb(struct task *t, void *context, unsigned int state)
 		quic_pktns_release(qc, &qc->ipktns);
 		qc_enc_level_free(qc, &qc->hel);
 		quic_pktns_release(qc, &qc->hpktns);
+		/* Also release the negotiated Inital TLS context. */
+		quic_nictx_free(qc);
 	}

 	TRACE_PROTO("ssl error", QUIC_EV_CONN_IO_CB, qc, &st, &ssl_err);