From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Fri, 18 Mar 2022 16:49:29 +0000 (+0100)
Subject: BUG/MINOR: quic: Unsent frame because of qc_build_frms()
X-Git-Tag: v2.6-dev4~36
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dcc74ff792b1ce0b764722894b83da9392324ff8;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: Unsent frame because of qc_build_frms()

There are non already identified rare cases where qc_build_frms() does not manage
to size frames to be encoded in a packet leading qc_build_frm() to fail to add
such frame to the packet to be built. In such cases we must move back such
frames to their origin frame list passed as parameter to qc_build_frms(): <frms>.
because they were added to the packet frame list (but not built). If this
this packet is not retransmitted, the frame is lost for ever! Furthermore we must
not modify the buffer.
---

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 114fc569b8..b50af85b37 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -5231,12 +5231,23 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end,
 	/* Ack-eliciting frames */
 	if (!LIST_ISEMPTY(&frm_list)) {
 		list_for_each_entry(cf, &frm_list, list) {
-			if (!qc_build_frm(&pos, end, cf, pkt, qc)) {
+			unsigned char *spos = pos;
+
+			if (!qc_build_frm(&spos, end, cf, pkt, qc)) {
 				ssize_t room = end - pos;
 				TRACE_PROTO("Not enough room", QUIC_EV_CONN_HPKT,
 				            qc, NULL, NULL, &room);
+				/* TODO: this should not have happened if qc_build_frms()
+				 * had correctly computed and sized the frames to be
+				 * added to this packet. Note that <cf> was added
+				 * from <frm_list> to <frms> list by qc_build_frms().
+				 */
+				LIST_DELETE(&cf->list);
+				LIST_INSERT(frms, &cf->list);
 				break;
 			}
+
+			pos = spos;
 			quic_tx_packet_refinc(pkt);
 			cf->pkt = pkt;
 		}