git.ipfire.org Git - thirdparty/haproxy.git/commit

BUG/MAJOR: quic: Crash after discarding packet number spaces

This previous patch was not sufficient to prevent haproxy from
crashing when some Handshake packets had to be inspected before being possibly
retransmitted:

"BUG/MAJOR: quic: Crash upon retransmission of dgrams with several packets"

This patch introduced another issue: access to packets which have been
released because still attached to others (in the same datagram). This was
the case for instance when discarding the Initial packet number space before
inspecting an Handshake packet in the same datagram through its ->prev or
member in our case.

This patch implements quic_tx_packet_dgram_detach() which detaches a packet
from the adjacent ones in the same datagram to be called when ackwowledging
a packet (as done in the previous commit) and when releasing its memory. This
was, we are sure the released packets will not be accessed during retransmissions.

Thank you to @gabrieltz for having reported this issue in GH #1903.

Must be backported to 2.6.

author	Frédéric Lécaille <flecaille@haproxy.com>
	Sun, 20 Nov 2022 17:35:35 +0000 (18:35 +0100)
committer	Frédéric Lécaille <flecaille@haproxy.com>
	Sun, 20 Nov 2022 17:35:46 +0000 (18:35 +0100)
commit	74b5f7b31b6c68e220e68cb4a0b302137a9a7362
tree	027cb10bf77e3019909aac9ae2964ed2ae6433ac	tree \| snapshot
parent	c8601507b27db9df3c6e406c6d90c473c6976619	commit \| diff

include/haproxy/quic_conn.h		diff \| blob \| blame \| history
src/quic_conn.c		diff \| blob \| blame \| history