From: Frederic Lecaille
Date: Thu, 27 Nov 2025 10:22:46 +0000 (+0100)
Subject: BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces
X-Git-Tag: v3.4-dev1~58
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63273c795f5d2104bbe504fb9eac467ae987ecd3;p=thirdparty%2Fhaproxy.git
BUG/MINOR: quic/ssl: crash in ClientHello callback ssl traces
Such crashes may occur for QUIC frontends only when the SSL traces are enabled. ssl_sock_switchctx_cbk() ClientHello callback may be called without any connection initialize () for QUIC connections leading to crashes when passing conn->err_code to TRACE_ERROR(). Modify the TRACE_ERROR() statement to pass this parameter only when is initialized. Must be backported as far as 3.2.
---
diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c
index ffc06b94b..af4b1d9ff 100644
--- a/src/ssl_clienthello.c
+++ b/src/ssl_clienthello.c
@@ -506,7 +506,8 @@ sni_lookup:
 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
 if (conn)
 conn->err_code = CO_ER_SSL_HANDSHAKE;
- TRACE_ERROR("No suitable SSL context found", SSL_EV_CONN_SWITCHCTX_CB|SSL_EV_CONN_ERR, conn, ssl, &conn->err_code);
+ TRACE_ERROR("No suitable SSL context found", SSL_EV_CONN_SWITCHCTX_CB|SSL_EV_CONN_ERR,
+ conn, ssl, conn ? &conn->err_code : NULL);
 #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
 return ssl_select_cert_error;
 #else
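Review bot: Nothing next to the new `conn ? &conn->err_code : NULL` argument records why `conn` can be NULL at this point; only the commit message says the ClientHello callback can run without a connection for QUIC. A short comment above the existing `if (conn)` guard, such as `/* conn may be NULL for QUIC: never dereference it unguarded, traces included */`, would keep later trace additions from reintroducing the crash. The fix also relies on the trace callback accepting a NULL last argument and a NULL `conn`, which is not visible in this hunk and is worth confirming. The enclosing function starts and ends outside the hunk, so any other `TRACE_*` call in it that reads `conn->` fields cannot be checked from here.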