From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Mon, 16 Jun 2025 08:46:05 +0000 (+0200)
Subject: BUG/MINOR: mux-quic: check sc_attach_mux return value
X-Git-Tag: v3.3-dev2~50
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc1a17f169c01a1fea8f31abeaeef9a9f6c35f17;p=thirdparty%2Fhaproxy.git

BUG/MINOR: mux-quic: check sc_attach_mux return value

On backend side, QUIC MUX needs to initialize the first local stream
during MUX init operation. This is necessary so that the first transfer
can then be performed.

sc_attach_mux() is used to attach the created QCS instance to its stream
data layer. However, return value was not checked, which may cause
issues on allocation error. This patch fixes it by returning an error on
MUX init operation and freeing the QCS instance in case of
sc_attach_mux() error.

This fixes coverity report from github issue #3007.

No need to backport.
---

diff --git a/src/mux_quic.c b/src/mux_quic.c
index b3fcd6517..af8285818 100644
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -3570,7 +3570,13 @@ static int qmux_init(struct connection *conn, struct proxy *prx,
 			goto err;
 		}
 
-		sc_attach_mux(sc, qcs, conn);
+		if (sc_attach_mux(sc, qcs, conn)) {
+			TRACE_ERROR("Cannot attach backend first init stream",
+			            QMUX_EV_QCC_NEW|QMUX_EV_QCC_ERR, conn);
+			qcs_free(qcs);
+			goto err;
+		}
+
 		qcs->sd = sc->sedesc;
 		qcc->nb_sc++;
 	}