git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure
author Amaury Denoyelle <adenoyelle@haproxy.com>
Thu, 20 Jun 2024 15:54:04 +0000 (17:54 +0200)
committer Amaury Denoyelle <adenoyelle@haproxy.com>
Mon, 24 Jun 2024 12:40:38 +0000 (14:40 +0200)
On quic_tx_packet allocation failure, it is possible to trigger BUG_ON()
crash on INITIAL packet building. This statement is responsible to
ensure INITIAL packets are padded to 1.200 bytes as required. If a
packet on higher encryption level allocation fails, PADDING frame cannot
be properly encoded, despite the INITIAL packet being properly built.

This crash happens due to qc_txb_store() invocation after quic_tx_packet
allocation failure to validate already built packets. However, this
statement is unneeded as qc_purge_tx_buf() is called just after. Simply
remove qc_txb_store() to fix this issue.

This was detected using -dMfail.

This should be backported up to 2.6.

src/quic_tx.c

index c963688ae43562bc832797e59aefd3f47d450ca2..a2e9524c254249011057e05ed2f9ebee9b91fc41 100644 (file)
@@ -584,8 +584,6 @@ static int qc_prep_pkts(struct quic_conn *qc, struct buffer *buf,
                        if (!cur_pkt) {
                                switch (err) {
                                case QC_BUILD_PKT_ERR_ALLOC:
-                                       if (first_pkt)
-                                               qc_txb_store(buf, dglen, first_pkt);
                                        qc_purge_tx_buf(qc, buf);
                                        break;
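Review bot: In the QC_BUILD_PKT_ERR_ALLOC case, once the qc_txb_store() call is gone nothing in this branch references first_pkt any more, and the hunk does not show what qc_purge_tx_buf(qc, buf) does with packets that were already built into the current datagram. Please confirm that the purge path releases first_pkt and any packets chained to it, so the allocation-failure path does not leak quic_tx_packet objects. A one-line comment above qc_purge_tx_buf() would also help, saying that already built packets are intentionally discarded here rather than stored, because an INITIAL packet left unpadded would trip the padding BUG_ON(); without it a later reader may be tempted to restore the store call.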