BUG/MEDIUM: quic-be: avoid crashes when releasing Initial pktns

This bug arrived with this fix:

    BUG/MINOR: quic-be: missing Initial packet number space discarding

leading to crashes when dereferencing ->ipktns.

Such crashes could be reproduced with -dMfail option. To reach them, the
memory allocations must fail. So, this is relatively rare, except on systems
with limited memory.

To fix this, do not call quic_pktns_discard() if ->ipktns is NULL.

No need to backport.

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 311598392e2f6874dea4d9854eec73d4591b5d49..7c0fcb7dabc4c864bb62bec066b04fe67694425c 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -916,7 +916,7 @@ struct task *quic_conn_io_cb(struct task *t, void *context, unsigned int state)
         * discard Initial keys when it first sends a Handshake packet...
         */
 
-       if (qc_is_back(qc) && !quic_tls_pktns_is_dcd(qc, qc->ipktns) &&
+       if (qc_is_back(qc) && qc->ipktns && !quic_tls_pktns_is_dcd(qc, qc->ipktns) &&
            qc->hpktns && qc->hpktns->tx.in_flight > 0) {
                /* Discard the Initial packet number space. */
                TRACE_PROTO("discarding Initial pktns", QUIC_EV_CONN_PRSHPKT, qc);