From: Frédéric Lécaille
Date: Wed, 13 Apr 2022 14:20:09 +0000 (+0200)
Subject: BUG/MINOR: quic: Avoid starting the mux if no ALPN sent by the client
X-Git-Tag: v2.6-dev6~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc964bd1aecab858bb74a24240cd7b2836e229ab;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: Avoid starting the mux if no ALPN sent by the client

If the client does not send an ALPN, the SSL ALPN negotiation callback is not called. However, the handshake is reported as successful. Check just after SSL_do_handshake if an ALPN was negotiated. If not, emit a CONNECTION_CLOSE with a TLS alert to close the connection.

This prevents a crash in qcc_install_app_ops() called with null as second parameter value.

--- diff --git a/src/xprt_quic.c b/src/xprt_quic.c index 2726a276f1..6ab18d8711 100644 --- a/src/xprt_quic.c +++ b/src/xprt_quic.c @@ -2068,6 +2068,14 @@ static inline int qc_provide_cdata(struct quic_enc_level *el, } TRACE_PROTO("SSL handshake OK", QUIC_EV_CONN_IO_CB, qc, &state); + + /* Check the alpn could be negotiated */ + if (!qc->app_ops) { + TRACE_PROTO("No ALPN", QUIC_EV_CONN_IO_CB, qc, &state); + quic_set_tls_alert(qc, SSL_AD_NO_APPLICATION_PROTOCOL); + goto err; + } + /* I/O callback switch */ ctx->wait_event.tasklet->process = quic_conn_app_io_cb; if (qc_is_listener(ctx->qc)) {
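
Review bot: the `if (!qc->app_ops)` test added after the "SSL handshake OK" trace treats a NULL `app_ops` as the only sign that no ALPN was negotiated, but the comment `/* Check the alpn could be negotiated */` does not say why that pointer stands in for the ALPN result. Going by the commit message, the ALPN callback is never invoked when the client sends no ALPN, which is presumably why the pointer stays unset; stating that in the comment, along with the fact that this check is what keeps a NULL from reaching qcc_install_app_ops(), would make the guard harder to drop in a later refactor. Two smaller points: the "SSL handshake OK" trace still fires before the check, so a rejected connection logs OK immediately followed by "No ALPN", and moving the check above that trace would make the log read correctly; and the added lines use `qc` while the next context line uses `ctx->qc`, which is worth making consistent. The guard also sits before `qc_is_listener(ctx->qc)`, so it applies to both roles, which looks intended but is not stated in the commit message.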