BUG/MEDIUM: quic: fix FD for quic_cc_conn

Since following commit, quic_conn closes its owned socket before
transition to quic_cc_conn for closing state. This allows to save FDs as
quic_cc_conn could use the listener socket for their I/O.

  commit 150c0da8895be50a39fd8e44f1db28e52c938569
  MEDIUM: quic: release conn socket before using quic_cc_conn

This patch is incomplete as it removes initialization of <fd> member for
quic_cc_conn. Thus, if sending is done on closing state, <fd> value is
undefined which in most cases will result in a crash. Fix this by simply
initializing <fd> member with qc_init_fd() in qc_new_cc_conn().

This bug should fix recent issue from #2095. Thanks to Tristan for its
reporting and then testing of this patch.

No need to backport.

diff --git a/src/quic_conn.c b/src/quic_conn.c
index d3b89ab46ea558571cf7af3d15d962dca87138c6..067de20434b7c606f48f69c2041126fe695ac602 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -828,6 +828,8 @@ static struct quic_cc_conn *qc_new_cc_conn(struct quic_conn *qc)
 
        quic_conn_mv_cids_to_cc_conn(cc_qc, qc);
 
+       qc_init_fd((struct quic_conn *)cc_qc);
+
        cc_qc->flags = qc->flags;
        cc_qc->err = qc->err;