mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 07:07:04 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic: fix free on quic-conn fail alloc

Browse Source 
qc_new_conn() allocates several elements in intermediary steps. If one
of the fails, a global free is done on the quic_conn and its elements.
This requires that most elements are first initialized to NULL or
equivalent to ensure freeing operation is done only on proper values.

Once of this element is qc.tx.cc_buf_area. It was initialized too late
which could caused crashes. This is introduced by
  9f7cfb0a56
  MEDIUM: quic: Allow the quic_conn memory to be asap released.

No need to backport.
This commit is contained in:
Amaury Denoyelle 2023-10-11 16:04:35 +02:00
parent 7d76ffb2a4
commit 63a6f26a86
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/quic_conn.c
View File

@ -1184,6 +1184,7 @@ struct quic_conn *qc_new_conn(const struct quic_version *qv, int ipv4,
/* Required to call free_quic_conn_cids() from quic_conn_release() */ /* Required to call free_quic_conn_cids() from quic_conn_release() */
qc->cids = NULL; qc->cids = NULL;
qc->tx.cc_buf_area = NULL;
qc_init_fd(qc); qc_init_fd(qc);
LIST_INIT(&qc->back_refs); LIST_INIT(&qc->back_refs);