If the loss detection timer has fired we may not have lost packets

We calculate the delay from the point that a packet arrives until it will
be counted as lost based on rtt info. Looking at all the packets we can
then calculate the earliest time that a packet will be counted as lost.
When that timer fires the latest rtt info may have changed and therefore
the packet may no longer be counted as lost yet.

We should not assume that just because the ackm timeout has fired that
there will definitely be lost packets.

Fixes #22538

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22541)

diff --git a/ssl/quic/quic_ackm.c b/ssl/quic/quic_ackm.c
index 728a186d3b057c759c12e1609406e6cda8086953..75a1e5741a030b5a426a83e6e73c62cffbdae3a3 100644 (file)
--- a/ssl/quic/quic_ackm.c
+++ b/ssl/quic/quic_ackm.c
@@ -1301,8 +1301,8 @@ int ossl_ackm_on_timeout(OSSL_ACKM *ackm)
     if (!ossl_time_is_zero(earliest_loss_time)) {
         /* Time threshold loss detection. */
         lost_pkts = ackm_detect_and_remove_lost_pkts(ackm, pkt_space);
-        assert(lost_pkts != NULL);
-        ackm_on_pkts_lost(ackm, pkt_space, lost_pkts, /*pseudo=*/0);
+        if (lost_pkts != NULL)
+            ackm_on_pkts_lost(ackm, pkt_space, lost_pkts, /*pseudo=*/0);
         ackm_set_loss_detection_timer(ackm);
         return 1;
     }