mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 13:51:26 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic: Possible crash when issuing "show fd/sess" CLI commands

Browse Source 
->xprt_ctx (struct ssl_sock_ctx) and ->conn (struct connection) must be kept
by the remaining QUIC connection object (struct quic_cc_conn) after having
release the previous one (struct quic_conn) to allow "show fd/sess" commands
to be functional without causing haproxy crashes.

No need to backport.
This commit is contained in:
Frédéric Lécaille 2023-08-11 11:21:31 +02:00
parent 5d602f4f33
commit b0e32c6263
2 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/haproxy/quic_conn-t.h
View File

@ -495,6 +495,11 @@ struct quic_conn_cntrs {
/* Idle timer task */ \ /* Idle timer task */ \
struct task *idle_timer_task; \ struct task *idle_timer_task; \
unsigned int idle_expire; \ unsigned int idle_expire; \
struct ssl_sock_ctx *xprt_ctx; \
/* Used only to reach the tasklet for the I/O handler from this \
* quic_conn object. \
*/ \
struct connection *conn; \
} }
struct quic_conn { struct quic_conn {
@ -531,14 +536,10 @@ struct quic_conn {
/* List of packet number spaces attached to this connection */ /* List of packet number spaces attached to this connection */
struct list pktns_list; struct list pktns_list;
struct ssl_sock_ctx *xprt_ctx;
#ifdef USE_QUIC_OPENSSL_COMPAT #ifdef USE_QUIC_OPENSSL_COMPAT
struct quic_openssl_compat openssl_compat; struct quic_openssl_compat openssl_compat;
#endif #endif
/* Used only to reach the tasklet for the I/O handler from this quic_conn object. */
struct connection *conn;
struct { struct {
/* Transport parameters sent by the peer */ /* Transport parameters sent by the peer */
struct quic_transport_params params; struct quic_transport_params params;

18
src/quic_conn.c
View File

@ -756,6 +756,8 @@ static void quic_release_cc_conn(struct quic_cc_conn *cc_qc)
{ {
struct quic_conn *qc = (struct quic_conn *)cc_qc; struct quic_conn *qc = (struct quic_conn *)cc_qc;
TRACE_ENTER(QUIC_EV_CONN_IO_CB, cc_qc);
if (qc_test_fd(qc)) if (qc_test_fd(qc))
_HA_ATOMIC_DEC(&jobs); _HA_ATOMIC_DEC(&jobs);
@ -769,7 +771,11 @@ static void quic_release_cc_conn(struct quic_cc_conn *cc_qc)
cc_qc->cids = NULL; cc_qc->cids = NULL;
pool_free(pool_head_quic_cc_buf, cc_qc->cc_buf_area); pool_free(pool_head_quic_cc_buf, cc_qc->cc_buf_area);
cc_qc->cc_buf_area = NULL; cc_qc->cc_buf_area = NULL;
/* free the SSL sock context */
qc_free_ssl_sock_ctx(&cc_qc->xprt_ctx);
pool_free(pool_head_quic_cc_conn, cc_qc); pool_free(pool_head_quic_cc_conn, cc_qc);
TRACE_ENTER(QUIC_EV_CONN_IO_CB);
} }
/* QUIC connection packet handler task used when in "closing connection" state. */ /* QUIC connection packet handler task used when in "closing connection" state. */
@ -872,8 +878,15 @@ static struct quic_cc_conn *qc_new_cc_conn(struct quic_conn *qc)
cc_qc->idle_timer_task->context = cc_qc; cc_qc->idle_timer_task->context = cc_qc;
cc_qc->idle_expire = qc->idle_expire; cc_qc->idle_expire = qc->idle_expire;
cc_qc->xprt_ctx = qc->xprt_ctx;
qc->xprt_ctx = NULL;
cc_qc->conn = qc->conn;
qc->conn = NULL;
cc_qc->cc_buf_area = qc->tx.cc_buf_area; cc_qc->cc_buf_area = qc->tx.cc_buf_area;
cc_qc->cc_dgram_len = qc->tx.cc_dgram_len; cc_qc->cc_dgram_len = qc->tx.cc_dgram_len;
TRACE_PRINTF(TRACE_LEVEL_PROTO, QUIC_EV_CONN_IO_CB, qc, 0, 0, 0,
"switch qc@%p to cc_qc@%p", qc, cc_qc);
return cc_qc; return cc_qc;
} }
@ -1418,6 +1431,8 @@ void quic_conn_release(struct quic_conn *qc)
qc->cids = NULL; qc->cids = NULL;
pool_free(pool_head_quic_cc_buf, qc->tx.cc_buf_area); pool_free(pool_head_quic_cc_buf, qc->tx.cc_buf_area);
qc->tx.cc_buf_area = NULL; qc->tx.cc_buf_area = NULL;
/* free the SSL sock context */
qc_free_ssl_sock_ctx(&qc->xprt_ctx);
} }
/* in the unlikely (but possible) case the connection was just added to /* in the unlikely (but possible) case the connection was just added to
@ -1449,9 +1464,6 @@ void quic_conn_release(struct quic_conn *qc)
task_destroy(qc->timer_task); task_destroy(qc->timer_task);
qc->timer_task = NULL; qc->timer_task = NULL;
/* free the SSL sock context */
qc_free_ssl_sock_ctx(&qc->xprt_ctx);
quic_tls_ku_free(qc); quic_tls_ku_free(qc);
if (qc->ael) { if (qc->ael) {
struct quic_tls_ctx *actx = &qc->ael->tls_ctx; struct quic_tls_ctx *actx = &qc->ael->tls_ctx;