From f0f92b2db8b95d5fbd9bc8def073ed2c3317f5d3 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Tue, 9 Aug 2022 17:52:52 +0200
Subject: [PATCH] BUG/MINOR: quic: fix crash on handshake io-cb for null next enc level

When arriving at the handshake completion, next encryption level will be null on quic_conn_io_cb(). Thus this must be check this before dereferencing it via qc_need_sending() to prevent a crash. This was reproduced quickly when browsing over a local nextcloud instance through QUIC with firefox. This has been introduced in the current dev with quic-conn Tx refactoring. No need to backport it.
---
 src/xprt_quic.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 076d93699..87396ea15 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -3961,8 +3961,10 @@ struct task *quic_conn_io_cb(struct task *t, void *context, unsigned int state)
 if (!quic_get_tls_enc_levels(&tel, &next_tel, st, 0))
 goto err;
- if (!qc_need_sending(qc, qel) && !qc_need_sending(qc, next_qel))
+ if (!qc_need_sending(qc, qel) &&
+ (!next_qel || !qc_need_sending(qc, next_qel))) {
 goto skip_send;
+ }
 buf = qc_txb_alloc(qc);
 if (!buf)
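Review bot: The added `!next_qel` test in the `qc_need_sending()` condition carries no comment saying when `next_qel` is NULL, so the reason for the guard lives only in the commit message; a line such as `/* next_qel is NULL once the handshake has completed */` above the `if` would keep it next to the code. Since this callback is driven by peer traffic, a NULL dereference here is a crash a remote client can trigger, so it is worth confirming that no later use of `next_qel` in quic_conn_io_cb() is reached without the same check; the function continues outside this hunk and that cannot be verified from the lines shown. If qc_need_sending() is called with a possibly-NULL level elsewhere, moving the NULL test into that helper would cover every caller at once.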