mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 07:07:04 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic: fix qc.cids access on quic-conn fail alloc

Browse Source 
CIDs tree is now allocated dynamically since the following commit :
  276697438d
  MINOR: quic: Use a pool for the connection ID tree.

This can caused a crash if qc_new_conn() is interrupted due to an
intermediary failed allocation. When freeing all connection members,
free_quic_conn_cids() is used. However, this function does not support a
NULL cids.

To fix this, simply check that cids is NULL during free_quic_conn_cids()
prologue.

This bug was reproduced using -dMfail.

No need to backport.
This commit is contained in:
Amaury Denoyelle 2023-10-11 15:40:38 +02:00
parent 5798b5bb14
commit 7d76ffb2a4
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
include/haproxy/quic_conn.h
View File

@ -209,6 +209,9 @@ static inline void free_quic_conn_cids(struct quic_conn *conn)
{
struct eb64_node *node;
if (!conn->cids)
return;
node = eb64_first(conn->cids);
while (node) {
struct quic_connection_id *conn_id;