From 695eee432fc99eb3c004a160097550f3ffcd52f2 Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Thu, 10 Jul 2025 13:18:03 +0200 Subject: [PATCH] h3: fix query of concurrent streams Queries gave wrong value or ran into NULL pointers when called at times when connection filter was not fully initialized. Closes #17886 --- lib/http2.c | 2 +- lib/vquic/curl_osslq.c | 5 +++-- lib/vquic/curl_quiche.c | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/http2.c b/lib/http2.c index 1f65cbdd02..a8f6ae439f 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -2750,7 +2750,7 @@ static CURLcode cf_h2_query(struct Curl_cfilter *cf, DEBUGASSERT(pres1); CF_DATA_SAVE(save, cf, data); - if(nghttp2_session_check_request_allowed(ctx->h2) == 0) { + if(!ctx->h2 || !nghttp2_session_check_request_allowed(ctx->h2)) { /* the limit is what we have in use right now */ effective_max = CONN_ATTACHED(cf->conn); } diff --git a/lib/vquic/curl_osslq.c b/lib/vquic/curl_osslq.c index d64ea836be..ec3a2e0ad0 100644 --- a/lib/vquic/curl_osslq.c +++ b/lib/vquic/curl_osslq.c @@ -2304,8 +2304,9 @@ static CURLcode cf_osslq_query(struct Curl_cfilter *cf, case CF_QUERY_MAX_CONCURRENT: { #ifdef SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL /* Added in OpenSSL v3.3.x */ - uint64_t v; - if(!SSL_get_value_uint(ctx->tls.ossl.ssl, SSL_VALUE_CLASS_GENERIC, + uint64_t v = 0; + if(ctx->tls.ossl.ssl && + !SSL_get_value_uint(ctx->tls.ossl.ssl, SSL_VALUE_CLASS_GENERIC, SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, &v)) { CURL_TRC_CF(data, cf, "error getting available local bidi streams"); return CURLE_HTTP3; diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c index 0ac389d541..c4331c46bb 100644 --- a/lib/vquic/curl_quiche.c +++ b/lib/vquic/curl_quiche.c @@ -1516,7 +1516,7 @@ static CURLcode cf_quiche_query(struct Curl_cfilter *cf, switch(query) { case CF_QUERY_MAX_CONCURRENT: { curl_uint64_t max_streams = CONN_ATTACHED(cf->conn); - if(!ctx->goaway) { + if(!ctx->goaway && ctx->qconn) { max_streams += quiche_conn_peer_streams_left_bidi(ctx->qconn); } *pres1 = (max_streams > INT_MAX) ? INT_MAX : (int)max_streams; -- 2.47.2