From: Frédéric Lécaille Date: Wed, 22 Nov 2023 13:57:28 +0000 (+0100) Subject: BUG/MINOR: quic: Possible leak of TX packets under heavy load X-Git-Tag: v2.9-dev11~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd225da46ca47d3fc62ecc9012fc54dc6aa49b34;p=thirdparty%2Fhaproxy.git BUG/MINOR: quic: Possible leak of TX packets under heavy load This bug could be reproduced with -dMfail and detected added a counter of TX packet to the QUIC connection. When released calling quic_conn_release() the connection should have a null counter of TX packets. This was not always the case. This could occur during the handshake step: a first packet was built, then another one should have followed in the same datagram, but fail due to a memory allocation issue. As the datagram length and first TX packet were not written in the TX buffer, this latter could not really be purged by qc_purge_tx_buf() even if called. This bug occured only when building coalesced packets in the same datagram. To fix this, write the packet information (datagram length and first packet address) in the TX buffer before purging it. Must be backported as far as 2.6. --- diff --git a/src/quic_tx.c b/src/quic_tx.c index 4f4551b162..d4529fb1ad 100644 --- a/src/quic_tx.c +++ b/src/quic_tx.c @@ -1139,6 +1139,8 @@ int qc_prep_hpkts(struct quic_conn *qc, struct buffer *buf, struct list *qels) must_ack, padding, probe, cc, &err); switch (err) { case -3: + if (first_pkt) + qc_txb_store(buf, dglen, first_pkt); qc_purge_tx_buf(qc, buf); goto leave; case -2: