From: Stefan Eissing
Date: Mon, 6 Oct 2025 11:16:55 +0000 (+0200)
Subject: ngtcp2: fix returns when TLS verify failed
X-Git-Tag: rc-8_17_0-3~296
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f4e83a0adcc86abb9ecc8673e3abd91c215a6649;p=thirdparty%2Fcurl.git

ngtcp2: fix returns when TLS verify failed

In both send/recv functions of the ngtcp2 filter, when TLS verification has failed, jump out by skipping ingress/egress handling.

Reported-by: Joshua Rogers
Closes #18881
---
diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
index 7a26e2bf08..f397ec85ae 100644
--- a/lib/vquic/curl_ngtcp2.c
+++ b/lib/vquic/curl_ngtcp2.c
@@ -1329,7 +1329,7 @@ static CURLcode cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
 /* handshake verification failed in callback, do not recv anything */
 if(ctx->tls_vrfy_result) {
 result = ctx->tls_vrfy_result;
- goto out;
+ goto denied;
 }
 pktx_init(&pktx, cf, data);
@@ -1361,7 +1361,7 @@ static CURLcode cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
 out:
 result = Curl_1st_err(result, cf_progress_egress(cf, data, &pktx));
 result = Curl_1st_err(result, check_and_set_expiry(cf, data, &pktx));
-
+denied:
 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_recv(blen=%zu) -> %d, %zu", stream ? stream->id : -1, blen, result, *pnread);
 CF_DATA_RESTORE(cf, save);
@@ -1616,8 +1616,10 @@ static CURLcode cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
 *pnwritten = 0;
 /* handshake verification failed in callback, do not send anything */
- if(ctx->tls_vrfy_result)
- return ctx->tls_vrfy_result;
+ if(ctx->tls_vrfy_result) {
+ result = ctx->tls_vrfy_result;
+ goto denied;
+ }
 (void)eos; /* use for stream EOF and block handling */
 result = cf_progress_ingress(cf, data, &pktx);
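Review bot: The comment above the check in cf_ngtcp2_recv still says only "do not recv anything", while the new `goto denied` also skips `cf_progress_egress` and `check_and_set_expiry`. That skipped egress is the security-relevant part of the failure path, so I would spell it out, e.g. `/* handshake verification failed in callback: do not recv, and skip egress and expiry handling */`, and adjust the matching comment in cf_ngtcp2_send (third hunk) the same way. The gate is repeated per entry point; whether other filter callbacks that drive egress also test `ctx->tls_vrfy_result` cannot be seen from this diff and is worth confirming. The function body starts and ends outside the hunk.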
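Review bot: The trace after the new `denied:` label in cf_ngtcp2_recv prints `stream` and `*pnread` on a path that now jumps there straight from the verification check. In cf_ngtcp2_send the third hunk shows `*pnwritten = 0;` right before the check, but the recv hunks show no such assignment, so confirm above the hunk that `*pnread` is zeroed and `stream` is initialised before `goto denied` can run; if not, `*pnread = 0;` belongs next to `result = ctx->tls_vrfy_result;`. A short comment on the label, e.g. `/* TLS verification failed: no egress, no expiry update */`, would also help, and the same applies to `denied:` in cf_ngtcp2_send (last hunk). Both labels sit in function bodies that extend beyond the hunks.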
@@ -1684,7 +1686,7 @@ static CURLcode cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
 out:
 result = Curl_1st_err(result, check_and_set_expiry(cf, data, &pktx));
-
+denied:
 CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send(len=%zu) -> %d, %zu", stream ? stream->id : -1, len, result, *pnwritten);
 CF_DATA_RESTORE(cf, save);