From 56d15b2a03c52ed7e2ee14200bbf2c04024cd490 Mon Sep 17 00:00:00 2001
From: Frederic Lecaille
Date: Fri, 17 Oct 2025 10:47:52 +0200
Subject: [PATCH] BUG/MAJOR: quic: uninitialized quic_conn_closed struct members
A quic_conn_closed struct is initialized to replace the quic_conn when the connection enters the closing to reduce the connection memory footprint.
->max_udp_payload quic_conn_close was not initialized leading to possible BUG_ON()s in qc_rcv_buf() when comparing the RX buf size to this payload.
->cntrs counters were alon not initialized with the only consequence to generate wrong values for these counters.
Must be backported as far as 2.9.
---
 src/quic_conn.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 95f8216d5..af17d43f0 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -745,6 +745,7 @@ static struct quic_conn_closed *qc_new_cc_conn(struct quic_conn *qc)
 	cc_qc->bytes.tx = qc->bytes.tx;
 	cc_qc->bytes.rx = qc->bytes.rx;
+	cc_qc->max_udp_payload = qc->max_udp_payload;
 	cc_qc->odcid = qc->odcid;
 	cc_qc->dcid = qc->dcid;
 	cc_qc->scid = qc->scid;
@@ -757,6 +758,7 @@ static struct quic_conn_closed *qc_new_cc_conn(struct quic_conn *qc)
 	cc_qc->idle_timer_task->context = cc_qc;
 	cc_qc->idle_expire = qc->idle_expire;
+	cc_qc->cntrs = qc->cntrs;
 	cc_qc->conn = qc->conn;
 	qc->conn = NULL;
-- 
2.47.3
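Review bot: The fix copies the two members that were found missing, but qc_new_cc_conn() still fills quic_conn_closed member by member, so the next member added to that struct can be forgotten the same way and, if the allocation is not zeroed (the allocation is outside this hunk), again reads whatever was in memory; the same concern applies to the `cntrs` copy in the second hunk. Consider zero-initializing cc_qc where it is allocated (`memset(cc_qc, 0, sizeof *cc_qc);` or a zeroing allocator) so an omitted member reads as 0 rather than garbage, and placing above the copies a comment such as `/* Every quic_conn_closed member must be copied from qc here: this struct replaces qc during closing and an uninitialized member is read later (e.g. max_udp_payload in qc_rcv_buf()). */`. Because the uninitialized max_udp_payload was compared against the RX buffer size in qc_rcv_buf(), the BUG_ON() described in the commit message appears reachable from datagrams still arriving for a closing connection, so a regression test that delivers datagrams after the connection enters closing would guard against this class of bug. qc_new_cc_conn() begins and ends outside both hunks.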