BUG/MINOR: quic: Unchecked pointer to packet number space dereferenced
authorFrédéric Lécaille <flecaille@haproxy.com>
Mon, 4 Sep 2023 08:23:12 +0000 (10:23 +0200)
committerWilly Tarreau <w@1wt.eu>
Mon, 4 Sep 2023 09:29:35 +0000 (11:29 +0200)
It is possible that there are still Initial crypto data in flight without
Handshake crypto data in flight. This is very rare but possible.

This issue was reported by long-rtt interop test with quic-go as client
and @chipitsine in GH #2276.

No need to backport.

src/quic_conn.c

index a2e85d8dfdb7abb100fb9a980cf314991b315748..be65c2e2058f6b5fda74a213f8f02bfcfdf35366 100644 (file)
@@ -1094,7 +1094,7 @@ struct task *qc_process_timer(struct task *task, void *ctx, unsigned int state)
                        else {
                                TRACE_STATE("Cannot probe Initial packet number space", QUIC_EV_CONN_TXPKT, qc);
                        }
-                       if (qc->hpktns->tx.in_flight) {
+                       if (qc->hpktns && qc->hpktns->tx.in_flight) {
                                qc->flags |= QUIC_FL_CONN_RETRANS_NEEDED;
                                qc->hpktns->flags |= QUIC_FL_PKTNS_PROBE_NEEDED;
                                TRACE_STATE("needs to probe Handshake packet number space", QUIC_EV_CONN_TXPKT, qc);
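Review bot: The new guard `if (qc->hpktns && qc->hpktns->tx.in_flight)` has no comment saying when `qc->hpktns` can be NULL, so a later reader cannot tell whether the check is required or merely defensive. I would add `/* hpktns may be NULL: Initial crypto data can still be in flight while there is no Handshake packet number space */` directly above it. The commit message says this path was reached by a long-RTT client, so the old code was presumably a peer-triggerable NULL dereference in the timer task. That makes it worth checking that every other packet number space pointer dereferenced in qc_process_timer() is tested the same way, including the Initial-space branch that ends just above this line. The function begins and ends outside the hunk, so those other accesses cannot be confirmed from here.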