From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Tue, 18 Jul 2023 09:44:06 +0000 (+0200)
Subject: BUG/MINOR: quic: Unckecked encryption levels availability
X-Git-Tag: v2.9-dev2~44
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e5a17b0bc027875758aca3ebfe8f03d36a24117f;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: Unckecked encryption levels availability

This bug arrived with this commit:

   MEDIUM: quic: Dynamic allocations of QUIC TLS encryption levels

It is possible that haproxy receives a late Initial packet after it has
released its Initial or Handshake encryption levels. In this case
it must not try to retransmit packets from such encryption levels to
speed up the handshake completion.

No need to backport.
---

diff --git a/src/quic_conn.c b/src/quic_conn.c
index f3891f12f7..5ec8f0d9e0 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -3328,7 +3328,7 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
 	/* Flag this packet number space as having received a packet. */
 	qel->pktns->flags |= QUIC_FL_PKTNS_PKT_RECEIVED;
 
-	if (fast_retrans) {
+	if (fast_retrans && qc->iel && qc->hel) {
 		struct quic_enc_level *iqel = qc->iel;
 		struct quic_enc_level *hqel = qc->hel;