From: Alexandr Nedvedicky Date: Mon, 13 Apr 2026 10:39:25 +0000 (+0200) Subject: port_default_packet_handler() should not attempt to parse QUIC packet X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;ds=inline;p=thirdparty%2Fopenssl.git port_default_packet_handler() should not attempt to parse QUIC packet header when destination connection id is not present. To save CPU cycles. Issue has been noticed and kindly reported by Dan Carpenter via openssl-users@ mailing list. Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell MergeDate: Thu Apr 16 22:59:33 2026 (Merged from https://github.com/openssl/openssl/pull/30795) --- diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c index 644b4e0fe5..e9af8b21b2 100644 --- a/ssl/quic/quic_port.c +++ b/ssl/quic/quic_port.c @@ -1599,6 +1599,13 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg, if (!port->allow_incoming) goto undesirable; + /* + * packet without destination connection id is invalid/corrupted here. + * stop wasting CPU cycles now. + */ + if (dcid == NULL) + goto undesirable; + /* * We have got a packet for an unknown DCID. This might be an attempt to * open a new connection.
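Review bot: The comment added above `if (dcid == NULL)` calls the packet "invalid/corrupted here" but does not say under which conditions `port_default_packet_handler()` is entered with a NULL `dcid`. A later reader therefore cannot tell whether the check is only an early exit to save work, as the commit message states, or whether the code below it also relies on `dcid` being non-NULL. Suggest stating in the comment when `dcid` can be NULL and what the code after the check assumes about it. As a style point, the two new comment sentences start in lower case, while the neighbouring "We have got a packet for an unknown DCID" comment uses sentence case. The diff touches only `ssl/quic/quic_port.c`, so a test that delivers a datagram without a destination connection id and confirms it takes the `undesirable` path would keep the early exit from regressing.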