MINOR: quic: Wrong datagram buffer passed to quic_lstnr_dgram_dispatch()

The same datagram could be passed to quic_lstnr_dgram_dispatch() before
being consumed by qc_lstnr_pkt_rcv() leading to a wrong decryption for the packet
number decryption, then a decryption error for the data. This was due to
a wrong datagram buffer passed to quic_lstnr_dgram_dispatch(). The datagram data
which must be passed to quic_lstnr_dgram_dispatch() are the same as the one
passed to recvfrom().

diff --git a/src/quic_sock.c b/src/quic_sock.c
index 087a65dedb0402fc090f10b163efd29db389bcfa..9a1e5b0637a8390b9b1004300185451e422b817e 100644 (file)
--- a/src/quic_sock.c
+++ b/src/quic_sock.c
@@ -176,6 +176,7 @@ void quic_sock_fd_iocb(int fd)
        size_t max_sz, cspace;
        socklen_t saddrlen;
        struct quic_dgram *dgram, *dgramp, *new_dgram;
+       unsigned char *dgram_buf;
 
        BUG_ON(!l);
 
@@ -224,11 +225,13 @@ void quic_sock_fd_iocb(int fd)
                b_add(buf, cspace);
                if (b_contig_space(buf) < max_sz)
                        goto out;
+
        }
 
+       dgram_buf = (unsigned char *)b_tail(buf);
        saddrlen = sizeof saddr;
        do {
-               ret = recvfrom(fd, b_tail(buf), max_sz, 0,
+               ret = recvfrom(fd, dgram_buf, max_sz, 0,
                               (struct sockaddr *)&saddr, &saddrlen);
                if (ret < 0) {
                        if (errno == EINTR)
@@ -240,8 +243,8 @@ void quic_sock_fd_iocb(int fd)
        } while (0);
 
        b_add(buf, ret);
-       if (!quic_lstnr_dgram_dispatch((unsigned char *)b_head(buf), ret,
-                                      l, &saddr, new_dgram, &rxbuf->dgrams)) {
+       if (!quic_lstnr_dgram_dispatch(dgram_buf, ret, l, &saddr,
+                                      new_dgram, &rxbuf->dgrams)) {
                /* If wrong, consume this datagram */
                b_del(buf, ret);
        }