From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Tue, 7 Dec 2021 14:32:00 +0000 (+0100)
Subject: MINOR: quic: fix segfault on CONNECTION_CLOSE parsing
X-Git-Tag: v2.6-dev1~323
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=942fc79b5fbdd4e0da7b98250d96d2ce8aaa928d;p=thirdparty%2Fhaproxy.git

MINOR: quic: fix segfault on CONNECTION_CLOSE parsing

At the moment the reason_phrase member of a
quic_connection_close/quic_connection_close_app structure is not
allocated. Comment the memcpy to it to avoid segfault.
---

diff --git a/src/quic_frame.c b/src/quic_frame.c
index 7194e6fda3..dfb6103fc5 100644
--- a/src/quic_frame.c
+++ b/src/quic_frame.c
@@ -821,7 +821,8 @@ static int quic_build_connection_close_app_frame(unsigned char **buf, const unsi
 		return 0;
 
 	if (connection_close_app->reason_phrase_len) {
-		memcpy(*buf, connection_close_app->reason_phrase, connection_close_app->reason_phrase_len);
+		// TODO reason_phrase is not allocated
+		//memcpy(*buf, connection_close_app->reason_phrase, connection_close_app->reason_phrase_len);
 		*buf += connection_close_app->reason_phrase_len;
 	}
 
@@ -843,7 +844,8 @@ static int quic_parse_connection_close_app_frame(struct quic_frame *frm, struct
 	    end - *buf < connection_close_app->reason_phrase_len)
 		return 0;
 
-	memcpy(connection_close_app->reason_phrase, *buf, connection_close_app->reason_phrase_len);
+	// TODO reason_phrase is not allocated
+	//memcpy(connection_close_app->reason_phrase, *buf, connection_close_app->reason_phrase_len);
 	*buf += connection_close_app->reason_phrase_len;
 
 	return 1;