From: Frédéric Lécaille
Date: Wed, 6 Jan 2021 11:12:39 +0000 (+0100)
Subject: BUG/MINOR: quic: NULL pointer dereferences when building post handshake frames.
X-Git-Tag: v2.4-dev5~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=153d4a89d0451ae896c9922ce2490b4ab8ddc8bf;p=thirdparty%2Fhaproxy.git
BUG/MINOR: quic: NULL pointer dereferences when building post handshake frames.
The second one was detected by cppcheck contrary to the first one. Fixes issue #1032. Thank you to Ilya for having reported this.
---
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index c20d877c39..7232c65757 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -1871,6 +1871,9 @@ static int quic_build_post_handshake_frames(struct quic_conn *conn)
 /* Only servers must send a HANDSHAKE_DONE frame. */
 if (!objt_server(conn->conn->target)) {
 frm = pool_alloc(pool_head_quic_frame);
+ if (!frm)
+ return 0;
+
 frm->type = QUIC_FT_HANDSHAKE_DONE;
 LIST_ADDQ(&conn->tx.frms_to_send, &frm->list);
 }
@@ -1879,7 +1882,6 @@ static int quic_build_post_handshake_frames(struct quic_conn *conn)
 struct quic_connection_id *cid;
 frm = pool_alloc(pool_head_quic_frame);
- memset(frm, 0, sizeof *frm);
 cid = new_quic_cid(&conn->cids, i);
 if (!frm || !cid)
 goto err;
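Review bot: The new allocation-failure path in the HANDSHAKE_DONE branch exits with `return 0;`, while the loop later in the same function reports the same failure with `goto err;`. The early return is only safe as long as nothing has been allocated or queued before this point, which the hunk does not show because the function body and the `err` label lie outside it. Either use `if (!frm) goto err;` for a single failure path, or keep the return and document the assumption with `/* nothing queued yet: no cleanup needed */`.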
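Review bot: Deleting the `memset()` removes the NULL dereference, but `frm` is then no longer cleared at all, so the frame starts out holding whatever the pool entry contained from its previous use. If any field is left unassigned before the frame is encoded (the rest of the loop body is outside the hunk), stale memory could be copied into an outgoing packet. Moving the call instead of dropping it keeps both properties: put `memset(frm, 0, sizeof *frm);` right after the `if (!frm || !cid) goto err;` check. It is also worth confirming that the `err` path, not visible here, releases a `frm` that was obtained when `new_quic_cid()` returned NULL, since that frame has presumably not been added to `frms_to_send` yet.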