mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 15:47:01 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic: Dereferenced unchecked pointer to Handshke packet number space

Browse Source 
This issue was reported by longrtt interop test with quic-go as client
and @chipitsine in GH #2282 when haproxy is compiled against libressl.

Add two checks to prevent a pointer to the Handshake packet number space
to be dereferenced if this packet number space was released.

Thank you to @chipitsine for this report.

No need to backport.
This commit is contained in:
Frdric Lcaille 2023-09-06 09:15:55 +02:00 committed by Willy Tarreau
parent 700ca14fc1
commit e7240a0ba6
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/quic_tx.c
View File

@ -1339,6 +1339,7 @@ int qc_dgrams_retransmit(struct quic_conn *qc)
goto leave; goto leave;
/* Put back unsent frames in their packet number spaces */ /* Put back unsent frames in their packet number spaces */
LIST_SPLICE(&ipktns->tx.frms, &ifrms); LIST_SPLICE(&ipktns->tx.frms, &ifrms);
if (hpktns)
LIST_SPLICE(&hpktns->tx.frms, &hfrms); LIST_SPLICE(&hpktns->tx.frms, &hfrms);
} }
else { else {
@ -1357,6 +1358,7 @@ int qc_dgrams_retransmit(struct quic_conn *qc)
TRACE_STATE("no more need to probe Initial packet number space", TRACE_STATE("no more need to probe Initial packet number space",
QUIC_EV_CONN_TXPKT, qc); QUIC_EV_CONN_TXPKT, qc);
ipktns->flags &= ~QUIC_FL_PKTNS_PROBE_NEEDED; ipktns->flags &= ~QUIC_FL_PKTNS_PROBE_NEEDED;
if (hpktns)
hpktns->flags &= ~QUIC_FL_PKTNS_PROBE_NEEDED; hpktns->flags &= ~QUIC_FL_PKTNS_PROBE_NEEDED;
} }
else { else {