From bc964bd1aecab858bb74a24240cd7b2836e229ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Wed, 13 Apr 2022 16:20:09 +0200 Subject: [PATCH] BUG/MINOR: quic: Avoid starting the mux if no ALPN sent by the client If the client does not sent an ALPN, the SSL ALPN negotiation callback is not called. However, the handshake is reported as successful. Check just after SSL_do_handshake if an ALPN was negotiated. If not, emit a CONNECTION_CLOSE with a TLS alert to close the connection. This prevent a crash in qcc_install_app_ops() called with null as second parameter value. --- src/xprt_quic.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/xprt_quic.c b/src/xprt_quic.c index 2726a276f..6ab18d871 100644 --- a/src/xprt_quic.c +++ b/src/xprt_quic.c @@ -2068,6 +2068,14 @@ static inline int qc_provide_cdata(struct quic_enc_level *el, } TRACE_PROTO("SSL handshake OK", QUIC_EV_CONN_IO_CB, qc, &state); + + /* Check the alpn could be negotiated */ + if (!qc->app_ops) { + TRACE_PROTO("No ALPN", QUIC_EV_CONN_IO_CB, qc, &state); + quic_set_tls_alert(qc, SSL_AD_NO_APPLICATION_PROTOCOL); + goto err; + } + /* I/O callback switch */ ctx->wait_event.tasklet->process = quic_conn_app_io_cb; if (qc_is_listener(ctx->qc)) {