From: Amaury Denoyelle
Date: Mon, 12 Dec 2022 10:24:05 +0000 (+0100)
Subject: BUG/MINOR: quic: handle alloc failure on qc_new_conn() for owned socket
X-Git-Tag: v2.8-dev1~145
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4244833c5f645668f5a90c8dc4a324ede93ebd93;p=thirdparty%2Fhaproxy.git
BUG/MINOR: quic: handle alloc failure on qc_new_conn() for owned socket
This patch is the follow up of previous fix : BUG/MINOR: quic: properly handle alloc failure in qc_new_conn() quic_conn owned socket FD is initialized as soon as possible in qc_new_conn(). This guarantees that we can safely call quic_conn_release() on allocation failure. This function uses internally qc_release_fd() to free the socket FD unless it has been initialized to an invalid FD value. Without this patch, a segfault will occur if one inner allocation of qc_new_conn() fails before qc.fd is initialized. This change is linked to quic-conn owned socket implementation. This should be backported up to 2.7.
---
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 91d9808b4a..69cbe1a98a 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -4793,6 +4793,8 @@ static struct quic_conn *qc_new_conn(const struct quic_version *qv, int ipv4,
 LIST_INIT(&qc->rx.pkt_list);
+ qc_init_fd(qc);
+
 /* Now proceeds to allocation of qc members. */
 buf_area = pool_alloc(pool_head_quic_conn_rxbuf);
@@ -4847,9 +4849,6 @@ static struct quic_conn *qc_new_conn(const struct quic_version *qv, int ipv4,
 TRACE_USER("Allocate a socket for QUIC connection", QUIC_EV_CONN_INIT, qc);
 qc_alloc_fd(qc, local_addr, peer_addr);
 }
- else {
- qc_init_fd(qc);
- }
 /* insert the allocated CID in the receiver datagram handler tree */
 if (server)
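Review bot: The requirement that `qc_init_fd(qc);` in the first hunk (@@ -4793) run before the first `pool_alloc()` is stated only in the commit message, so a later reorder of qc_new_conn() could silently bring back the crash on the allocation-failure path. A comment above the call would pin it, for example `/* Set qc->fd to the invalid value before any allocation that can fail: quic_conn_release() calls qc_release_fd() on the error path. */`. Since qc_alloc_fd() is now called on an already initialised qc, it is also worth confirming that its own failure path leaves qc->fd at the invalid value; its body is not shown here. qc_new_conn() starts and ends outside both hunks.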