mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-04 20:46:11 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic: fix trace crash on datagram receive

Browse Source 
Recently, datagram reception architecture has been completely reworked
to improve performance. A regression has been introduced when using
traces in qc_rcv_buf() : datagram argument is uninitialized after recv
syscall. This may cause a crash as CIDs buffer is dereferenced.

Fix this by removing dgram argument from the affected trace. A new trace
is added after quic_dgram_init() to keep the ability to display the
received content.

This issue has caused failure of all QUIC interop testing.

No need to backport.
This commit is contained in:
Amaury Denoyelle 2026-05-04 11:12:08 +02:00
parent 71267bc6a5
commit a0a510f0d2
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/quic_sock.c
View File

@ -217,7 +217,7 @@ struct task *quic_lstnr_dghdlr(struct task *t, void *ctx, unsigned int state)
return t;
}
/* Retrieve the DCID from a QUIC datagram or packet at <pos> position,
/* Retrieve the DCID from a QUIC datagram or packet at <start> position,
* <end> being at one byte past the end of this datagram.
* Returns 1 if succeeded, 0 if not.
*/
@ -855,7 +855,7 @@ int qc_rcv_buf(struct quic_conn *qc)
b_add(&buf, ret);
TRACE_DEVEL("read datagram", QUIC_EV_CONN_RCV, qc, new_dgram);
TRACE_DEVEL("read datagram", QUIC_EV_CONN_RCV, qc);
if (!quic_get_dgram_dcid(dgram_buf, dgram_buf + ret, &dcid_off, &dcid_len))
continue;
@ -873,6 +873,7 @@ int qc_rcv_buf(struct quic_conn *qc)
}
quic_dgram_init(new_dgram, dgram_buf, ret, NULL, dcid_off, dcid_len, &saddr, &daddr);
TRACE_DEVEL("datagram ready for parsing", QUIC_EV_CONN_RCV, qc, new_dgram);
quic_dgram_parse(new_dgram, qc, l ? &l->obj_type :
(qc->conn ? &__objt_server(qc->conn->target)->obj_type : NULL));
} while (ret > 0);