BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels

The ->openssl_compat struct member of the QUIC connection object was not fully
initialized. This was done on purpose, believing that ->write_level and
->read_level member was initialized by quic_tls_compat_keylog_callback() (the
keylog callback) before entering quic_tls_compat_msg_callback() which
has to parse the TLS messages. In fact this is not the case at all.
quic_tls_compat_msg_callback() is called before quic_tls_compat_keylog_callback()
when receiving the first TLS ClientHello message.

->write_level and ->read_level was not initialized to <ssl_encryption_initial> (= 0)
as this is implicitely done by the originial ngxinx wrapper which calloc()s the openssl
compatibily structure. This could lead to a crash after ssl_to_qel_addr() returns
NULL when called by ha_quic_add_handshake_data().

This patch explicitely initialializes ->write_level and ->read_level to
<ssl_encryption_initial> (=0).

No need to backport.

diff --git a/src/quic_openssl_compat.c b/src/quic_openssl_compat.c
index fddd7432b6deede234757baec2a2213d09a152f5..99661377e267e5040039acdd2dff9c3fbe0ae56a 100644 (file)
--- a/src/quic_openssl_compat.c
+++ b/src/quic_openssl_compat.c
@@ -409,6 +409,8 @@ int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method)
        qc->openssl_compat.rbio = rbio;
        qc->openssl_compat.wbio = wbio;
        qc->openssl_compat.method = quic_method;
+       qc->openssl_compat.read_level = ssl_encryption_initial;
+       qc->openssl_compat.write_level = ssl_encryption_initial;
        ret = 1;
 
  leave: