From: Willy Tarreau <w@1wt.eu>
Date: Mon, 10 May 2021 05:40:27 +0000 (+0200)
Subject: BUG/MEDIUM: quic: fix null deref on error path in qc_conn_init()
X-Git-Tag: v2.4-dev19~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7deb28ce6510bbc764eddd4e381cb7268792254a;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: quic: fix null deref on error path in qc_conn_init()

When ctx is NULL, we go to the "err" label, which could dereference it.
No backport is needed.
---

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 68d0f604cb..fea9a01586 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -4164,7 +4164,7 @@ static int qc_conn_init(struct connection *conn, void **xprt_ctx)
 	return 0;
 
  err:
-	if (ctx->wait_event.tasklet)
+	if (ctx && ctx->wait_event.tasklet)
 		tasklet_free(ctx->wait_event.tasklet);
 	pool_free(pool_head_quic_conn_ctx, ctx);
 	TRACE_DEVEL("leaving in error", QUIC_EV_CONN_NEW, conn);