]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 454c372)
BUG/MINOR: quic: Possible crash when acknowledging Initial v2 packets
authorFrédéric Lécaille <flecaille@haproxy.com>
Sat, 22 Jul 2023 09:46:15 +0000 (11:46 +0200)
committerFrédéric Lécaille <flecaille@haproxy.com>
Thu, 27 Jul 2023 08:51:03 +0000 (10:51 +0200)
The memory allocated for TLS cipher context used to encrypt/decrypt QUIC v2
packets should not be released as soon as possible. Indeed, even if
after having received an client Handshake packet one may drop the Initial
TLS cipher context, one has often to used it to acknowledged Initial packets.

No need to backport.

src/quic_conn.c patch | blob | blame | history

diff --git a/src/quic_conn.c b/src/quic_conn.c
index b735cfa27d6fa02a4a65e665e2271305e5b2a1cf..a95afec8b4082a0f21f4c79324c53f7947d02169 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -3390,8 +3390,6 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
                                qc_set_timer(qc);
                                qc_el_rx_pkts_del(qc->iel);
                                qc_release_pktns_frms(qc, qc->ipktns);
-                               /* Also release the negotiated Inital TLS context. */
-                               quic_nictx_free(qc);
                        }
                    if (qc->state < QUIC_HS_ST_SERVER_HANDSHAKE)
                            qc->state = QUIC_HS_ST_SERVER_HANDSHAKE;
Mirror of https://github.com/haproxy/haproxy.git