BUG/MINOR: quic: ensure a detached coalesced packet can't access its neighbours

Reset ->prev and ->next fields of a coalesced TX packet to ensure it cannot access
several times its neighbours after it is supposed to be detached from them calling
quic_tx_packet_dgram_detach().

There are two cases where a packet can be coalesced to another previous built one:
this is when it is built into the same datagrame without GSO (and flagged flag with
QUIC_FL_TX_PACKET_COALESCED) or when sent from the same sendto() syscall with GOS
(not flagged with QUIC_FL_TX_PACKET_COALESCED).

This fix may be in relation with GH #2839.

Must be backported as far as 2.6.

diff --git a/include/haproxy/quic_tx.h b/include/haproxy/quic_tx.h
index 970d8d598bf9100fcf72ad9e4ca842bf7019be33..9961a2384f723dc5930de4347b27904ba00c8779 100644 (file)
--- a/include/haproxy/quic_tx.h
+++ b/include/haproxy/quic_tx.h
@@ -63,6 +63,7 @@ static inline void quic_tx_packet_dgram_detach(struct quic_tx_packet *pkt)
                pkt->prev->next = pkt->next;
        if (pkt->next)
                pkt->next->prev = pkt->prev;
+       pkt->prev = pkt->next = NULL;
 }