BUG/MINOR: quic: fix free on quic-conn fail alloc

qc_new_conn() allocates several elements in intermediary steps. If one
of the fails, a global free is done on the quic_conn and its elements.
This requires that most elements are first initialized to NULL or
equivalent to ensure freeing operation is done only on proper values.

Once of this element is qc.tx.cc_buf_area. It was initialized too late
which could caused crashes. This is introduced by
  9f7cfb0a56352188854bdaef9617ca836c2a30c9
  MEDIUM: quic: Allow the quic_conn memory to be asap released.

No need to backport.

diff --git a/src/quic_conn.c b/src/quic_conn.c
index f2957f4eda03718555739d28b6b4cf879b2ce102..a393e76c8357d9d28c75d49bcd080f5dc8914216 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -1184,6 +1184,7 @@ struct quic_conn *qc_new_conn(const struct quic_version *qv, int ipv4,
 
        /* Required to call free_quic_conn_cids() from quic_conn_release() */
        qc->cids = NULL;
+       qc->tx.cc_buf_area = NULL;
        qc_init_fd(qc);
 
        LIST_INIT(&qc->back_refs);