From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Mon, 15 May 2023 07:35:59 +0000 (+0200)
Subject: BUG/MINOR: h3: missing goto on buf alloc failure
X-Git-Tag: v2.8-dev12~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6133aba8896a939d16c2077ff25140651909192b;p=thirdparty%2Fhaproxy.git

BUG/MINOR: h3: missing goto on buf alloc failure

The following patch introduced proper error management on buffer
allocation failure :
  0abde9dee69fe151f5f181a34e0782ef840abe53
  BUG/MINOR: mux-quic: properly handle buf alloc failure

However, when decoding an empty STREAM frame with just FIN bit set, this
was not done correctly. Indeed, there is a missing goto statement in
case of a NULL buffer check.

This was reported thanks to coverity analysis. This should fix github
issue #2163.

This must be backported up to 2.6.
---

diff --git a/src/h3.c b/src/h3.c
index 99c2d76474..50e6b4f81c 100644
--- a/src/h3.c
+++ b/src/h3.c
@@ -1061,6 +1061,7 @@ static ssize_t h3_decode_qcs(struct qcs *qcs, struct buffer *b, int fin)
 		if (!(appbuf = qc_get_buf(qcs, &qcs->rx.app_buf))) {
 			TRACE_ERROR("data buffer alloc failure", H3_EV_RX_FRAME, qcs->qcc->conn, qcs);
 			h3c->err = H3_INTERNAL_ERROR;
+			goto err;
 		}
 
 		htx = htx_from_buf(appbuf);