From f44d19eb91221ebb6b475bac45daeaf30c6a4cb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Sat, 26 Mar 2022 12:22:41 +0100 Subject: [PATCH] BUG/MEDIUM: quic: Possible crash in ha_quic_set_encryption_secrets() This bug has come with this commit: 1fc5e16c4 MINOR: quic: More accurate immediately close As mentionned in this commit we do not want to derive anymore secret when in closing state. But the flag which denote secrets were derived was set. Add a label at the correct flag to skip the secrets derivation without setting this flag. --- src/xprt_quic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/xprt_quic.c b/src/xprt_quic.c index e13773f5b..901030413 100644 --- a/src/xprt_quic.c +++ b/src/xprt_quic.c @@ -775,7 +775,7 @@ int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t level, BUG_ON(secret_len > QUIC_TLS_SECRET_LEN); if (HA_ATOMIC_LOAD(&qc->flags) & QUIC_FL_CONN_IMMEDIATE_CLOSE) { TRACE_PROTO("CC required", QUIC_EV_CONN_RWSEC, qc); - goto out; + goto no_secret; } if (!quic_tls_ctx_keys_alloc(tls_ctx)) { @@ -838,6 +838,7 @@ int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t level, out: tls_ctx->flags |= QUIC_FL_TLS_SECRETS_SET; + no_secret: TRACE_LEAVE(QUIC_EV_CONN_RWSEC, qc, &level); return 1;