From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Thu, 19 Aug 2021 13:35:59 +0000 (+0200)
Subject: MINOR: quic: Missing case when discarding HANDSHAKE secrets
X-Git-Tag: v2.5-dev8~70
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=754f99e9956dc904a56479ffc296d0ecc8280a34;p=thirdparty%2Fhaproxy.git

MINOR: quic: Missing case when discarding HANDSHAKE secrets

With very few packets received by the listener, it is possible
that its state may move from QUIC_HS_ST_SERVER_INITIAL to
QUIC_HS_ST_COMPLETE without transition to QUIC_HS_ST_SERVER_HANDSHAKE state.
This latter state is not mandatory.
---

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 9cfade7c41..11afae7f40 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -2661,7 +2661,8 @@ struct task *quic_conn_io_cb(struct task *t, void *context, unsigned int state)
 		goto err;
 
 	st = HA_ATOMIC_LOAD(&qc->state);
-	if (prev_st == QUIC_HS_ST_SERVER_HANDSHAKE && st >= QUIC_HS_ST_COMPLETE) {
+	if (st >= QUIC_HS_ST_COMPLETE &&
+	    (prev_st == QUIC_HS_ST_SERVER_INITIAL || prev_st == QUIC_HS_ST_SERVER_HANDSHAKE)) {
 		/* Discard the Handshake keys. */
 		quic_tls_discard_keys(&qc->els[QUIC_TLS_ENC_LEVEL_HANDSHAKE]);
 		quic_pktns_discard(qc->els[QUIC_TLS_ENC_LEVEL_HANDSHAKE].pktns, qc);