From: Matt Caswell Date: Tue, 17 Oct 2023 13:55:48 +0000 (+0100) Subject: Ignore ping deadline when calculating tick deadline if we can't send X-Git-Tag: openssl-3.2.0-beta1~64 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=098f27f9ef8be2a418f76896ee3c824e8709fcf7;p=thirdparty%2Fopenssl.git Ignore ping deadline when calculating tick deadline if we can't send If the CC TX allowance is zero then we cannot send a PING frame at the moment, so do not take into account the ping deadline when calculating the tick deadline in that case. This avoids the hang found by the fuzzer mentioned in https://github.com/openssl/openssl/pull/22368#issuecomment-1765131727 Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22410) --- diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c index a6ed14664ea..0462fd24110 100644 --- a/ssl/quic/quic_channel.c +++ b/ssl/quic/quic_channel.c @@ -2598,6 +2598,13 @@ static OSSL_TIME ch_determine_next_tick_deadline(QUIC_CHANNEL *ch) ossl_quic_enc_level_to_pn_space(i))); } } + + /* + * When do we need to send an ACK-eliciting packet to reset the idle + * deadline timer for the peer? + */ + if (!ossl_time_is_infinite(ch->ping_deadline)) + deadline = ossl_time_min(deadline, ch->ping_deadline); } /* Apply TXP wakeup deadline. */ @@ -2612,14 +2619,6 @@ static OSSL_TIME ch_determine_next_tick_deadline(QUIC_CHANNEL *ch) deadline = ossl_time_min(deadline, ch->idle_deadline); - /* - * When do we need to send an ACK-eliciting packet to reset the idle - * deadline timer for the peer? - */ - if (!ossl_time_is_infinite(ch->ping_deadline)) - deadline = ossl_time_min(deadline, - ch->ping_deadline); - /* When does the RXKU process complete? */ if (ch->rxku_in_progress) deadline = ossl_time_min(deadline, ch->rxku_update_end_deadline);