mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-11 22:11:04 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: quic: Possible crash in ha_quic_set_encryption_secrets()

Browse Source 
This bug has come with this commit:
   1fc5e16c4 MINOR: quic: More accurate immediately close
As mentionned in this commit we do not want to derive anymore secret when in closing
state. But the flag which denote secrets were derived was set. Add a label at
the correct flag to skip the secrets derivation without setting this flag.
This commit is contained in:
Frédéric Lécaille 2022-03-26 12:22:41 +01:00 committed by Amaury Denoyelle
parent 6e7440b918
commit f44d19eb91
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/xprt_quic.c
View File

@ -775,7 +775,7 @@ int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t level,
BUG_ON(secret_len > QUIC_TLS_SECRET_LEN);
if (HA_ATOMIC_LOAD(&qc->flags) & QUIC_FL_CONN_IMMEDIATE_CLOSE) {
TRACE_PROTO("CC required", QUIC_EV_CONN_RWSEC, qc);
goto out;
goto no_secret;
}
if (!quic_tls_ctx_keys_alloc(tls_ctx)) {
@ -838,6 +838,7 @@ int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t level,
out:
tls_ctx->flags |= QUIC_FL_TLS_SECRETS_SET;
no_secret:
TRACE_LEAVE(QUIC_EV_CONN_RWSEC, qc, &level);
return 1;