git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Amaury Denoyelle <adenoyelle@haproxy.com>
	Wed, 10 Dec 2025 10:57:34 +0000 (11:57 +0100)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Wed, 10 Dec 2025 11:04:37 +0000 (12:04 +0100)
commit	5b8e6d6811ea5c98cc2bf7544eaceb52983138c7
tree	a532943cc59b92572ddf1c4a67a63b3ea39548a5	tree \| snapshot
parent	6eedd0d485b3ad3741473b5aa221fc727c928401	commit \| diff

BUG/MEDIUM: h3: fix access to QCS <sd> definitely

The previous patch tried to fix access to QCS <sd> member, as the latter
is not always allocated anymore on the frontend side.

a15f0461a016a664427f5aaad2227adcc622c882
BUG/MEDIUM: h3: do not access QCS <sd> if not allocated

In particular, access was prevented after HEADERS parsing in case
h3_req_headers_to_htx() returned an error, which indicates that the
stream-endpoint allocation was not performed. However, this still is not
enough when QCS instance is already closed at this step. Indeed, in this
case, h3_req_headers_to_htx() returns OK but stream-endpoint allocation
is skipped as an optimization as no data exchange will be performed.

To definitely fix this kind of problems, add checks on qcs <sd> member
before accessing it in H3 layer. This method is the safest one to ensure
there is no NULL dereferencement.

This should fix github issue #3211.

This must be backported along the above mentionned patch.