From cb729fb64d18815fd73e48d24f0d58a830aee63c Mon Sep 17 00:00:00 2001 From: Frederic Lecaille Date: Tue, 21 Jan 2025 15:49:51 +0100 Subject: [PATCH] BUG/MINOR: quic: ensure a detached coalesced packet can't access its neighbours Reset ->prev and ->next fields of a coalesced TX packet to ensure it cannot access several times its neighbours after it is supposed to be detached from them calling quic_tx_packet_dgram_detach(). There are two cases where a packet can be coalesced to another previous built one: this is when it is built into the same datagrame without GSO (and flagged flag with QUIC_FL_TX_PACKET_COALESCED) or when sent from the same sendto() syscall with GOS (not flagged with QUIC_FL_TX_PACKET_COALESCED). This fix may be in relation with GH #2839. Must be backported as far as 2.6. --- include/haproxy/quic_tx.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/haproxy/quic_tx.h b/include/haproxy/quic_tx.h index 970d8d598..9961a2384 100644 --- a/include/haproxy/quic_tx.h +++ b/include/haproxy/quic_tx.h @@ -63,6 +63,7 @@ static inline void quic_tx_packet_dgram_detach(struct quic_tx_packet *pkt) pkt->prev->next = pkt->next; if (pkt->next) pkt->next->prev = pkt->prev; + pkt->prev = pkt->next = NULL; }