mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-12-09 03:31:41 +01:00
Code Issues Projects Releases Wiki Activity

MINOR: quic: Wrong Initial packet connection initialization

Browse Source 
->qc (QUIC connection) member of packet structure were badly initialized
when received as second Initial packet (from picoquic -Q for instance).
This leaded to corrupt the quic_conn structure with random behaviors
as size effects. This bug came with this commit:
   "MINOR: quic: Possible wrong connection identification"
This commit is contained in:
Frédéric Lécaille 2021-11-15 16:21:40 +01:00
parent ca98a7f9c0
commit f67b35620e
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/xprt_quic.c
View File

@ -3759,9 +3759,9 @@ static ssize_t qc_lstnr_pkt_rcv(unsigned char **buf, const unsigned char *end,
} }
HA_RWLOCK_WRUNLOCK(QUIC_LOCK, &l->rx.cids_lock); HA_RWLOCK_WRUNLOCK(QUIC_LOCK, &l->rx.cids_lock);
pkt->qc = qc;
if (n == &qc->odcid_node) { if (n == &qc->odcid_node) {
/* Enqueue this packet. */ /* Enqueue this packet. */
pkt->qc = qc;
MT_LIST_APPEND(&l->rx.pkts, &pkt->rx_list); MT_LIST_APPEND(&l->rx.pkts, &pkt->rx_list);
/* Try to accept a new connection. */ /* Try to accept a new connection. */
listener_accept(l); listener_accept(l);
@ -3769,6 +3769,7 @@ static ssize_t qc_lstnr_pkt_rcv(unsigned char **buf, const unsigned char *end,
else { else {
quic_conn_free(qc); quic_conn_free(qc);
qc = ebmb_entry(n, struct quic_conn, odcid_node); qc = ebmb_entry(n, struct quic_conn, odcid_node);
pkt->qc = qc;
} }
/* This is the DCID node sent in this packet by the client. */ /* This is the DCID node sent in this packet by the client. */