BUG/MEDIUM: quic: Non initialized CRYPTO data stream deferencing

This bug arrived with this commit:
   BUG/MINOR: quic: Useless use of non-contiguous buffer for in order CRYPTO data

Before this commit qc->cstream was tested before entering qc_treat_rx_crypto_frms().
This patch restablishes this behavior. Furthermore, it simplyfies
qc_ssl_provide_all_quic_data() which is a little bit ugly: the CRYPTO data
frame may be freed asap in the list_for_each_entry_safe() block after
having store its data pointer and length in local variables.
Also interrupt the CRYPTO data process as soon as qc_ssl_provide_quic_data()
or qc_treat_rx_crypto_frms() fail.

No need to be backported.

diff --git a/src/quic_ssl.c b/src/quic_ssl.c
index 814b1b1c51105a469f7ca0234207eefd720a625e..bc5f0eaccdbd76d21e3ffda9a612fc23c93e0d8e 100644 (file)
--- a/src/quic_ssl.c
+++ b/src/quic_ssl.c
@@ -638,30 +638,28 @@ int qc_ssl_provide_all_quic_data(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
 
        TRACE_ENTER(QUIC_EV_CONN_PHPKTS, qc);
        list_for_each_entry(qel, &qc->qel_list, list) {
-               int ssl_ret;
                struct qf_crypto *qf_crypto, *qf_back;
 
-               ssl_ret = 1;
                list_for_each_entry_safe(qf_crypto, qf_back, &qel->rx.crypto_frms, list) {
-                       ssl_ret = qc_ssl_provide_quic_data(&ncbuf, qel->level, ctx,
-                                                          qf_crypto->data, qf_crypto->len);
+                       const unsigned char *crypto_data = qf_crypto->data;
+                       size_t crypto_len = qf_crypto->len;
+
                        /* Free this frame asap */
                        LIST_DELETE(&qf_crypto->list);
                        pool_free(pool_head_qf_crypto, qf_crypto);
 
-                       if (!ssl_ret) {
-                               TRACE_DEVEL("null ssl_ret", QUIC_EV_CONN_PHPKTS, qc, qel);
-                               break;
-                       }
+                       if (!qc_ssl_provide_quic_data(&ncbuf, qel->level, ctx,
+                                                     crypto_data, crypto_len))
+                               goto leave;
 
                        TRACE_DEVEL("buffered crypto data were provided to TLS stack",
                                                QUIC_EV_CONN_PHPKTS, qc, qel);
                }
 
-               if (!qc_treat_rx_crypto_frms(qc, qel, ctx))
-                       ssl_ret = 0;
+               if (!qel->cstream)
+                       continue;
 
-               if (!ssl_ret)
+               if (!qc_treat_rx_crypto_frms(qc, qel, ctx))
                        goto leave;
        }