From bdd863477d66840c05c1773ffb04405cafaec18f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Mon, 31 Jul 2023 15:07:06 +0200
Subject: [PATCH] BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels
The ->openssl_compat struct member of the QUIC connection object was not fully initialized. This was done on purpose, believing that ->write_level and ->read_level member was initialized by quic_tls_compat_keylog_callback() (the keylog callback) before entering quic_tls_compat_msg_callback() which has to parse the TLS messages. In fact this is not the case at all. quic_tls_compat_msg_callback() is called before quic_tls_compat_keylog_callback() when receiving the first TLS ClientHello message. ->write_level and ->read_level was not initialized to (= 0) as this is implicitely done by the originial ngxinx wrapper which calloc()s the openssl compatibily structure. This could lead to a crash after ssl_to_qel_addr() returns NULL when called by ha_quic_add_handshake_data(). This patch explicitely initialializes ->write_level and ->read_level to (=0). No need to backport.
---
 src/quic_openssl_compat.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/quic_openssl_compat.c b/src/quic_openssl_compat.c
index fddd7432b6..99661377e2 100644
--- a/src/quic_openssl_compat.c
+++ b/src/quic_openssl_compat.c
@@ -409,6 +409,8 @@ int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method)
 qc->openssl_compat.rbio = rbio;
 qc->openssl_compat.wbio = wbio;
 qc->openssl_compat.method = quic_method;
+ qc->openssl_compat.read_level = ssl_encryption_initial;
+ qc->openssl_compat.write_level = ssl_encryption_initial;
 ret = 1;
 leave:
-- 
2.47.3
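Review bot: The two added assignments to `read_level` and `write_level` fix only one pair of members, while the commit message says `->openssl_compat` is deliberately not fully initialised, so any other member read before it is written is exposed to the same problem. Zeroing the struct once before the `rbio`/`wbio`/`method` assignments, e.g. `memset(&qc->openssl_compat, 0, sizeof(qc->openssl_compat));`, would match the calloc() behaviour of the original wrapper, provided nothing earlier in SSL_set_quic_method() has already filled it in (the function body starts above this hunk). Separately, the crash described follows ssl_to_qel_addr() returning NULL in ha_quic_add_handshake_data(), which is not visible here; if that caller still uses the result unchecked, a NULL check there would stop an unexpected level from becoming a crash on peer-driven handshake input. A short comment above the new lines, such as `/* the msg callback runs before the keylog callback on the first ClientHello, so both levels must start at initial */`, would record why the initialisation is required.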