From: Frédéric Lécaille
Date: Mon, 31 Jul 2023 13:07:06 +0000 (+0200)
Subject: BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels
X-Git-Tag: v2.9-dev3~82
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bdd863477d66840c05c1773ffb04405cafaec18f;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels

The ->openssl_compat struct member of the QUIC connection object was not fully initialized. This was done on purpose, believing that ->write_level and ->read_level members were initialized by quic_tls_compat_keylog_callback() (the keylog callback) before entering quic_tls_compat_msg_callback() which has to parse the TLS messages. In fact this is not the case at all. quic_tls_compat_msg_callback() is called before quic_tls_compat_keylog_callback() when receiving the first TLS ClientHello message.

->write_level and ->read_level were not initialized to (= 0) as this is implicitly done by the original nginx wrapper which calloc()s the openssl compatibility structure. This could lead to a crash after ssl_to_qel_addr() returns NULL when called by ha_quic_add_handshake_data().

This patch explicitly initializes ->write_level and ->read_level to (=0).

No need to backport.
---
diff --git a/src/quic_openssl_compat.c b/src/quic_openssl_compat.c index fddd7432b6..99661377e2 100644 --- a/src/quic_openssl_compat.c +++ b/src/quic_openssl_compat.c @@ -409,6 +409,8 @@ int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) qc->openssl_compat.rbio = rbio; qc->openssl_compat.wbio = wbio; qc->openssl_compat.method = quic_method; + qc->openssl_compat.read_level = ssl_encryption_initial; + qc->openssl_compat.write_level = ssl_encryption_initial; ret = 1; leave:
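
Review bot: In SSL_set_quic_method(), the two added assignments cover only read_level and write_level, so any other member of qc->openssl_compat that this function does not assign still depends on how the enclosing object was allocated. Consider zeroing the whole struct once before the rbio/wbio/method assignments (the commit message notes the original wrapper gets this from calloc()) and then setting the levels explicitly, with a short comment that quic_tls_compat_msg_callback() can run before the keylog callback on the first ClientHello. Separately, since the reported crash followed ssl_to_qel_addr() returning NULL in ha_quic_add_handshake_data(), a NULL check at that call site would keep an unexpected level value from turning into a dereference.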