port_default_packet_handler() should not attempt to parse QUIC packet

header when destination connection id is not present. To save CPU cycles.

Issue has been noticed and kindly reported by Dan Carpenter via
openssl-users@ mailing list.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
MergeDate: Thu Apr 16 22:59:33 2026
(Merged from https://github.com/openssl/openssl/pull/30795)

diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index 644b4e0fe55b5792ca3283596d8f79944445c9a3..e9af8b21b21f8495541050e085e682ea1e2bb9c5 100644 (file)
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -1599,6 +1599,13 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
     if (!port->allow_incoming)
         goto undesirable;
 
+    /*
+     * packet without destination connection id is invalid/corrupted here.
+     * stop wasting CPU cycles now.
+     */
+    if (dcid == NULL)
+        goto undesirable;
+
     /*
      * We have got a packet for an unknown DCID. This might be an attempt to
      * open a new connection.