From: Frédéric Lécaille Date: Mon, 3 Jul 2023 15:16:31 +0000 (+0200) Subject: BUG/MINOR: quic: Possible crash in "show quic" dumping packet number spaces X-Git-Tag: v2.9-dev2~79 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6aeaa73d3972198c22e6345bd2d91706ed6e89f3;p=thirdparty%2Fhaproxy.git BUG/MINOR: quic: Possible crash in "show quic" dumping packet number spaces This bug was introduced by this commit: MEDIUM: quic: Release encryption levels and packet number spaces asap Add some checks before derefencing pointers to packet number spaces objects to dump them from "show quic" command. No backport needed. --- diff --git a/src/quic_conn.c b/src/quic_conn.c index 24686e082f..5964dda1ad 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -8808,14 +8808,22 @@ static void dump_quic_full(struct show_quic_ctx *ctx, struct quic_conn *qc) /* Packet number spaces information */ pktns = qc->ipktns; - chunk_appendf(&trash, " [initl] rx.ackrng=%-6zu tx.inflight=%-6zu", - pktns->rx.arngs.sz, pktns->tx.in_flight); + if (pktns) { + chunk_appendf(&trash, " [initl] rx.ackrng=%-6zu tx.inflight=%-6zu", + pktns->rx.arngs.sz, pktns->tx.in_flight); + } + pktns = qc->hpktns; - chunk_appendf(&trash, " [hndshk] rx.ackrng=%-6zu tx.inflight=%-6zu\n", - pktns->rx.arngs.sz, pktns->tx.in_flight); + if (pktns) { + chunk_appendf(&trash, " [hndshk] rx.ackrng=%-6zu tx.inflight=%-6zu\n", + pktns->rx.arngs.sz, pktns->tx.in_flight); + } + pktns = qc->apktns; - chunk_appendf(&trash, " [01rtt] rx.ackrng=%-6zu tx.inflight=%-6zu\n", - pktns->rx.arngs.sz, pktns->tx.in_flight); + if (pktns) { + chunk_appendf(&trash, " [01rtt] rx.ackrng=%-6zu tx.inflight=%-6zu\n", + pktns->rx.arngs.sz, pktns->tx.in_flight); + } chunk_appendf(&trash, " srtt=%-4u rttvar=%-4u rttmin=%-4u ptoc=%-4u cwnd=%-6llu" " mcwnd=%-6llu sentpkts=%-6llu lostpkts=%-6llu\n",