BUG/MINOR: quic-sock: do not double free session on conn init failure
authorAmaury Denoyelle <adenoyelle@haproxy.com>
Wed, 13 Apr 2022 14:58:26 +0000 (16:58 +0200)
committerAmaury Denoyelle <adenoyelle@haproxy.com>
Thu, 14 Apr 2022 12:50:12 +0000 (14:50 +0200)
In the quic_session_accept, connection is in charge to call the
quic-conn start callback. If this callback fails for whatever reason,
there is a crash because of an explicit session_free.

This happens because the connection is now the owner of the session due
to the previous conn_complete_session call. It will automatically call
session_free. Fix this by skipping the explicit session_free invocation
on error.

In practice, currently this has never happened as there is only limited
cases of failures for conn_xprt_start for QUIC.

src/quic_sock.c

index 1aa0015993aba6c68aeb753e1de95e3fe3ebe43a..3baf3fd13377d2d92972eec45bc740c7219612bb 100644 (file)
@@ -66,8 +66,16 @@ int quic_session_accept(struct connection *cli_conn)
        if (conn_complete_session(cli_conn) < 0)
                goto out_free_sess;
 
-       if (conn_xprt_start(cli_conn) >= 0)
-               return 1;
+       if (conn_xprt_start(cli_conn) < 0) {
+               /* conn_complete_session has succeeded : conn is the owner of
+                * the session and the MUX is initialized.
+                * Let the MUX free all resources on error.
+                */
+               cli_conn->mux->destroy(cli_conn->ctx);
+               return -1;
+       }
+
+       return 1;
 
  out_free_sess:
        /* prevent call to listener_release during session_free. It will be
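Review bot: The new failure branch calls `cli_conn->mux->destroy(cli_conn->ctx)` without checking that `cli_conn->mux` is set, relying only on the comment's statement that a successful conn_complete_session leaves the MUX initialized. Making that invariant explicit, for example with `BUG_ON(!cli_conn->mux);` just before the call, would document it and fail at a known point if the assumption ever stops holding. The branch also returns without passing through `out_free_sess`, whose comment says it prevents a call to listener_release during session_free; the session is presumably still freed through the connection on this path, so it is worth confirming that the same listener handling is not needed here. Because `cli_conn` is likely released by the destroy callback, the comment should also state that callers must not touch the connection after a -1 return. quic_session_accept starts before and continues after this hunk, so the rest of the error path is not visible.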