From: Frédéric Lécaille Date: Thu, 23 Jun 2022 15:47:10 +0000 (+0200) Subject: BUG/MINOR: quic: Wrong reuse of fulfilled dgram RX buffer X-Git-Tag: v2.7-dev1~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0c535683eef05b420d7bf0b25cf38820d02333fe;p=thirdparty%2Fhaproxy.git BUG/MINOR: quic: Wrong reuse of fulfilled dgram RX buffer After having fulfilled a buffer, then marked it as full, we must consume the remaining space. But to do that, and not to erase the already existing data, we must check there is not remaining data in after the tail of the buffer (between the tail and the head). This is done adding a condition to test that adding the number of bytes from the remaining contiguous space to the tail does not pass the wrapping postion in the buffer. Must be backported to 2.6. --- diff --git a/src/quic_sock.c b/src/quic_sock.c index a391006aff..4444ab8587 100644 --- a/src/quic_sock.c +++ b/src/quic_sock.c @@ -310,6 +310,12 @@ void quic_sock_fd_iocb(int fd) if (cspace < max_sz) { struct quic_dgram *dgram; + /* Do no mark as full, and do not try to consume it + * if the contiguous remmaining space is not at the end + */ + if (b_tail(buf) + cspace < b_wrap(buf)) + goto out; + /* Allocate a fake datagram, without data to locate * the end of the RX buffer (required during purging). */ @@ -319,11 +325,11 @@ void quic_sock_fd_iocb(int fd) dgram->len = cspace; LIST_APPEND(&rxbuf->dgrams, &dgram->list); + /* Consume the remaining space */ b_add(buf, cspace); if (b_contig_space(buf) < max_sz) goto out; - } dgram_buf = (unsigned char *)b_tail(buf);