BUG/MINOR: quic: Possible crash when SSL session init fails
authorFrédéric Lécaille <flecaille@haproxy.com>
Fri, 2 Jun 2023 14:56:16 +0000 (16:56 +0200)
committerFrédéric Lécaille <flecaille@haproxy.com>
Fri, 2 Jun 2023 16:12:48 +0000 (18:12 +0200)
This is due to the fact that qc->conn is never initialized before calling
qc_ssl_sess_init().

Must be backported as far as 2.6.

src/quic_conn.c

index 459c22adeddbf5056e18f321e35db773dcb6c925..f0a0df7cc2d154bccddc37f26b3f9e9423e273f4 100644 (file)
@@ -6733,7 +6733,7 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl,
        *ssl = SSL_new(ssl_ctx);
        if (!*ssl) {
                if (!retry--)
-                       goto err;
+                       goto leave;
 
                pool_gc(NULL);
                goto retry;
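Review bot: The final-retry exit `if (!retry--) goto leave;` here, and the identical one after `SSL_free(*ssl)` in the next hunk, now fails without recording any cause, because the `err:` label that set `CO_ER_SSL_NO_MEM` is removed in the last hunk and nothing replaces it. Dropping the write through the uninitialized `qc->conn` is the right fix, but this path runs under memory pressure, and an operator can then no longer tell an allocation failure from any other handshake error. I would emit a trace before each jump, e.g. `if (!retry--) { TRACE_ERROR("SSL_new() failed", QUIC_EV_CONN_NEW, qc); goto leave; }`, and state in the function comment that the caller must report the error because `qc->conn` may not be set yet. Both jumps also rely on `ret` still holding its failure value; it is initialized outside these hunks (the function body starts above the first one), so that should be confirmed.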
@@ -6744,7 +6744,7 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl,
                SSL_free(*ssl);
                *ssl = NULL;
                if (!retry--)
-                       goto err;
+                       goto leave;
 
                pool_gc(NULL);
                goto retry;
@@ -6754,10 +6754,6 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl,
  leave:
        TRACE_LEAVE(QUIC_EV_CONN_NEW, qc);
        return ret;
-
- err:
-       qc->conn->err_code = CO_ER_SSL_NO_MEM;
-       goto leave;
 }
 
 /* Allocate the ssl_sock_ctx from connection <qc>. This creates the tasklet