MINOR: quic: Release asap the negotiated Initial TLS context.
authorFrédéric Lécaille <flecaille@haproxy.com>
Tue, 4 Jul 2023 09:09:25 +0000 (11:09 +0200)
committerFrédéric Lécaille <flecaille@haproxy.com>
Fri, 21 Jul 2023 12:27:10 +0000 (14:27 +0200)
This context may be released at the same time as the Initial TLS context.
This is done by calling quic_tls_ctx_secs_free() and pool_free() in two code locations.
Implement quic_nictx_free() to do that.

include/haproxy/quic_tls.h
src/quic_conn.c

index d433fff3d4dc07d61792c61df09bc4ade1aee5d3..dfbe8dba501a7d14586841bb1f120a439a8ddc5b 100644 (file)
@@ -757,6 +757,16 @@ static inline int quic_tls_secrets_keys_alloc(struct quic_tls_secrets *secs)
        return 0;
 }
 
+/* Release the memory allocated for the negotiated Initial QUIC TLS context
+ * attached to <qc> connection.
+ */
+static inline void quic_nictx_free(struct quic_conn *qc)
+{
+       quic_tls_ctx_secs_free(qc->nictx);
+       pool_free(pool_head_quic_tls_ctx, qc->nictx);
+       qc->nictx = NULL;
+}
+
 /* Initialize a TLS cryptographic context for the Initial encryption level. */
 static inline int quic_initial_tls_ctx_init(struct quic_tls_ctx *ctx)
 {
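Review bot: quic_nictx_free() passes qc->nictx to quic_tls_ctx_secs_free() without a NULL check, yet the helper resets the pointer to NULL and this commit calls it from both qc_parse_pkt_frms() and quic_conn_io_cb(), so a second call on the same connection looks reachable. Whether quic_tls_ctx_secs_free() tolerates a NULL context is not visible in this hunk; if it does not, an early `if (!qc->nictx) return;` would make the release idempotent. With that guard in place, the header comment could state the contract, for example `Safe to call more than once: <qc->nictx> is reset to NULL.`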
index da471bb818707af6e95aefb3d9fb39f9fb63cf61..2b3814976516a06f42c42c866ca5f4f6fddfc890 100644 (file)
@@ -3356,6 +3356,8 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
                                qc_set_timer(qc);
                                qc_el_rx_pkts_del(qc->iel);
                                qc_release_pktns_frms(qc, qc->ipktns);
+                               /* Also release the negotiated Inital TLS context. */
+                               quic_nictx_free(qc);
                        }
                    if (qc->state < QUIC_HS_ST_SERVER_HANDSHAKE)
                            qc->state = QUIC_HS_ST_SERVER_HANDSHAKE;
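Review bot: Once quic_nictx_free(qc) runs here, qc->nictx stays NULL for the rest of the connection, so any path that still selects the negotiated Initial TLS context for a late or retransmitted Initial packet must treat NULL as "keys discarded" and drop the packet instead of dereferencing it. Those paths are outside this hunk, so this needs confirming against the RX/TX key selection code. The same applies to the call added in quic_conn_io_cb() in the last hunk. Both added comments also misspell the word and should read `/* Also release the negotiated Initial TLS context. */`. qc_parse_pkt_frms() starts and ends outside the hunk.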
@@ -5221,6 +5223,8 @@ struct task *quic_conn_io_cb(struct task *t, void *context, unsigned int state)
                quic_pktns_release(qc, &qc->ipktns);
                qc_enc_level_free(qc, &qc->hel);
                quic_pktns_release(qc, &qc->hpktns);
+               /* Also release the negotiated Inital TLS context. */
+               quic_nictx_free(qc);
        }
 
        TRACE_PROTO("ssl error", QUIC_EV_CONN_IO_CB, qc, &st, &ssl_err);