A new counter was recently introduced to comptabilize the current number
of active QUIC handshakes. This counter is stored on the listener
instance.
This counter is incremented at the beginning of qc_new_conn() to check
if limit is not reached prior to quic_conn allocation. If quic_conn or
one of its inner member allocation fails, special care is taken to
decrement the counter as the connection instance is released. However,
it relies on <l> variable which is initialized too late to cover
pool_head_quic_conn allocation failure.
To fix this, simply initialize <l> at the beginning of qc_new_conn().
This issue was reproduced using -dMfail argument.
This issue was introduced by the following commit
commit
3df6a60113773d8abff3457c7a06e30c1892b7dc
MEDIUM: quic: limit handshake per listener
No need to backport.
{
int i;
struct quic_conn *qc = NULL;
- struct listener *l = NULL;
+ struct listener *l = server ? owner : NULL;
struct quic_cc_algo *cc_algo = NULL;
unsigned int next_actconn = 0, next_sslconn = 0, next_handshake = 0;
}
if (server) {
- next_handshake = quic_increment_curr_handshake(owner);
+ next_handshake = quic_increment_curr_handshake(l);
if (!next_handshake) {
TRACE_STATE("max handshake reached", QUIC_EV_CONN_INIT);
goto err;
if (server) {
struct proxy *prx;
- l = owner;
prx = l->bind_conf->frontend;
cc_algo = l->bind_conf->quic_cc_algo;