mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-10-26 22:20:59 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic-be: unchecked connections during handshakes

Browse Source 
This bug impacts only the backends.

The ->conn (pointer to struct connection) member validity of the ssl_sock_ctx
struct was not checked before being dereferenced, leading to possible crashes
in qc_ssl_do_hanshake() during handshake.

This was reported by GH #3163 issue.

No need to backport because the QUIC backend support arrived with 3.3
This commit is contained in:
Frederic Lecaille 2025-10-20 14:27:12 +02:00
parent 7a33b90b3c
commit edd21121d2
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/quic_ssl.c
View File

@ -977,7 +977,7 @@ int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
goto err; goto err;
} }
} }
else { else if (ctx->conn) {
const unsigned char *alpn; const unsigned char *alpn;
size_t alpn_len; size_t alpn_len;
@ -998,6 +998,9 @@ int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
ctx->conn->mux->wake(ctx->conn); ctx->conn->mux->wake(ctx->conn);
qc->mux_state = QC_MUX_READY; qc->mux_state = QC_MUX_READY;
} }
else {
TRACE_PROTO("could not start the mux", QUIC_EV_CONN_IO_CB, qc);
}
qc->flags |= QUIC_FL_CONN_NEED_POST_HANDSHAKE_FRMS; qc->flags |= QUIC_FL_CONN_NEED_POST_HANDSHAKE_FRMS;
if (!qc_is_back(qc)) { if (!qc_is_back(qc)) {