From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Wed, 19 Apr 2023 12:26:16 +0000 (+0200)
Subject: BUG/MINOR: quic: consume Rx datagram even on error
X-Git-Tag: v2.8-dev8~74
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a65dd3a2c891514313c5e19a507f79f37a90506d;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: consume Rx datagram even on error

A BUG_ON crash can occur on qc_rcv_buf() if a Rx packet allocation
failed.

To fix this, datagram are marked as consumed even if a fatal error
occured during parsing. For the moment, only a Rx packet allocation
failure could provoke this. At this stage, it's unknown if the datagram
were partially parsed or not at all so it's better to discard it
completely.

This bug was detected using -dMfail argument.

This should be backported up to 2.7.
---

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 8a0647405c..314c978c4e 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -8252,6 +8252,8 @@ int quic_dgram_parse(struct quic_dgram *dgram, struct quic_conn *from_qc,
 	return 0;
 
  err:
+	/* Mark this datagram as consumed as maybe at least some packets were parsed. */
+	HA_ATOMIC_STORE(&dgram->buf, NULL);
 	TRACE_LEAVE(QUIC_EV_CONN_LPKT);
 	return -1;
 }