From 4af6595d41f99dd9fdbe33ce52350a557f22dc34 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Tue, 15 Feb 2022 11:06:15 +0100
Subject: [PATCH] BUG/MEDIUM: quic: fix crash on CC if mux not present

If a CONNECTION_CLOSE is received during handshake or after mux release, a segfault happens due to invalid dereferencement of qc->qcc. Check mux_state first to prevent this.
---
 src/xprt_quic.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index bff17805c..b71e42722 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -2448,7 +2448,8 @@ static int qc_parse_pkt_frms(struct quic_rx_packet *pkt, struct ssl_sock_ctx *ct
 case QUIC_FT_CONNECTION_CLOSE:
 case QUIC_FT_CONNECTION_CLOSE_APP:
 /* warn the mux to close the connection */
- qc->qcc->flags |= QC_CF_CC_RECV;
+ if (qc->mux_state == QC_MUX_READY)
+ qc->qcc->flags |= QC_CF_CC_RECV;
 tasklet_wakeup(qc->qcc->wait_event.tasklet);
 break;
 case QUIC_FT_HANDSHAKE_DONE:
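Review bot: The new `if (qc->mux_state == QC_MUX_READY)` has no braces, so it guards only the flags assignment; the very next context line, `tasklet_wakeup(qc->qcc->wait_event.tasklet);`, still dereferences `qc->qcc` unconditionally, and a CONNECTION_CLOSE arriving before the mux exists or after its release will therefore still crash exactly as the commit title describes. Since these frames come from the remote peer during the handshake, the remaining dereference is a remotely triggerable null-pointer fault, so the wakeup must be inside the same guard: `if (qc->mux_state == QC_MUX_READY) { qc->qcc->flags |= QC_CF_CC_RECV; tasklet_wakeup(qc->qcc->wait_event.tasklet); }`. Whether the connection needs some other wakeup to make progress on the close when no mux is present cannot be told from this hunk and is worth confirming. The enclosing function qc_parse_pkt_frms starts and ends outside the hunk.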