From: Amaury Denoyelle Date: Tue, 9 Aug 2022 15:52:52 +0000 (+0200) Subject: BUG/MINOR: quic: fix crash on handshake io-cb for null next enc level X-Git-Tag: v2.7-dev4~65 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f0f92b2db8b95d5fbd9bc8def073ed2c3317f5d3;p=thirdparty%2Fhaproxy.git BUG/MINOR: quic: fix crash on handshake io-cb for null next enc level When arriving at the handshake completion, next encryption level will be null on quic_conn_io_cb(). Thus this must be check this before dereferencing it via qc_need_sending() to prevent a crash. This was reproduced quickly when browsing over a local nextcloud instance through QUIC with firefox. This has been introduced in the current dev with quic-conn Tx refactoring. No need to backport it. --- diff --git a/src/xprt_quic.c b/src/xprt_quic.c index 076d93699b..87396ea15b 100644 --- a/src/xprt_quic.c +++ b/src/xprt_quic.c @@ -3961,8 +3961,10 @@ struct task *quic_conn_io_cb(struct task *t, void *context, unsigned int state) if (!quic_get_tls_enc_levels(&tel, &next_tel, st, 0)) goto err; - if (!qc_need_sending(qc, qel) && !qc_need_sending(qc, next_qel)) + if (!qc_need_sending(qc, qel) && + (!next_qel || !qc_need_sending(qc, next_qel))) { goto skip_send; + } buf = qc_txb_alloc(qc); if (!buf)