BUG/MINOR: quic: fix qc.cids access on quic-conn fail alloc

CIDs tree is now allocated dynamically since the following commit :
  276697438d50456f92487c990f20c4d726dfdb96
  MINOR: quic: Use a pool for the connection ID tree.

This can caused a crash if qc_new_conn() is interrupted due to an
intermediary failed allocation. When freeing all connection members,
free_quic_conn_cids() is used. However, this function does not support a
NULL cids.

To fix this, simply check that cids is NULL during free_quic_conn_cids()
prologue.

This bug was reproduced using -dMfail.

No need to backport.

diff --git a/include/haproxy/quic_conn.h b/include/haproxy/quic_conn.h
index 5d2fbfa05b2d8f1cd92bee279f32948b84f937d8..a1f72c0ef3e1386f55716f6bb2f153450500f24c 100644 (file)
--- a/include/haproxy/quic_conn.h
+++ b/include/haproxy/quic_conn.h
@@ -209,6 +209,9 @@ static inline void free_quic_conn_cids(struct quic_conn *conn)
 {
        struct eb64_node *node;
 
+       if (!conn->cids)
+               return;
+
        node = eb64_first(conn->cids);
        while (node) {
                struct quic_connection_id *conn_id;