From: Frédéric Lécaille
Date: Tue, 7 Nov 2023 13:16:33 +0000 (+0100)
Subject: BUG/MEDIUM: quic: Too short Initial packet sent (enc. level allocation failed)
X-Git-Tag: v2.9-dev10~124
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4e3b28e8b6b0859596532b4541183d96f4c8ad6a;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: quic: Too short Initial packet sent (enc. level allocation failed)

If the Handshake encryption level could not be allocated, this could lead to Initial packets to be sent because no Handshake CRYPTO frames were generated. Furthermore in such an allocation failure case, the connection should be closed as soon as possible. This is done making ha_quic_set_encryption_secrets() return 0 upon an encryption level allocation failure.

Also fix a typo in the trace in relation to this allocation failure.

No need to be backported.
---
diff --git a/src/quic_ssl.c b/src/quic_ssl.c index 14a5eca86c..085f4b8b32 100644 --- a/src/quic_ssl.c +++ b/src/quic_ssl.c @@ -173,8 +173,8 @@ static int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t BUG_ON(secret_len > QUIC_TLS_SECRET_LEN); if (!*qel && !qc_enc_level_alloc(qc, pktns, qel, level)) { - TRACE_PROTO("Could not allocated an encryption level", QUIC_EV_CONN_ADDDATA, qc); - goto out; + TRACE_PROTO("Could not allocate an encryption level", QUIC_EV_CONN_ADDDATA, qc); + goto leave; } tls_ctx = &(*qel)->tls_ctx;
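Review bot: at the changed `goto leave;` in the `!qc_enc_level_alloc()` branch, the hunk shows neither what separates the `out` and `leave` labels nor the value returned at `leave`, so the "return 0" behaviour the commit message relies on cannot be checked from this context alone. A one-line comment on that branch stating that jumping to `leave` makes ha_quic_set_encryption_secrets() return 0 so the connection is closed would make the intent explicit and protect it against a later reshuffle of the labels. The allocation failure is also still logged with TRACE_PROTO; since this is an error path, TRACE_ERROR would make it easier to spot when diagnosing memory pressure. Finally, the message says no backport is needed but does not name the commit that introduced the problem, which would help anyone auditing stable branches.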