quic: add missing return 0 after raise_protocol_error for NEW_CONN_ID

Every other frame type handler in depack_process_frames() returns 0
after calling ossl_quic_channel_raise_protocol_error(), but the
NEW_CONN_ID case falls through to depack_do_frame_new_conn_id().

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Fri Mar 27 16:48:44 2026
(Merged from https://github.com/openssl/openssl/pull/30550)

diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c
index 83f66ef59e5a0d1a8532d538742b6852d786655e..55345bf2cf945e763a9cddc1a9eaeed3684ab983 100644 (file)
--- a/ssl/quic/quic_rx_depack.c
+++ b/ssl/quic/quic_rx_depack.c
@@ -1316,6 +1316,7 @@ static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt,
                     OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                     frame_type,
                     "NEW_CONN_ID valid only in 0/1-RTT");
+                return 0;
             }
             if (!depack_do_frame_new_conn_id(pkt, ch, ackm_data))
                 return 0;