BUG/MAJOR: quic: uninitialized quic_conn_closed struct members

A quic_conn_closed struct is initialized to replace the quic_conn when the
connection enters the closing to reduce the connection memory footprint.
->max_udp_payload quic_conn_close was not initialized leading to possible
BUG_ON()s in qc_rcv_buf() when comparing the RX buf size to this payload.

->cntrs counters were alon not initialized with the only consequence
to generate wrong values for these counters.

Must be backported as far as 2.9.

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 95f8216d50e1723b9e488e1116d026e73267e94e..af17d43f08356fdfa6da7141d581cfd7a6729b3d 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -745,6 +745,7 @@ static struct quic_conn_closed *qc_new_cc_conn(struct quic_conn *qc)
        cc_qc->bytes.tx = qc->bytes.tx;
        cc_qc->bytes.rx = qc->bytes.rx;
 
+       cc_qc->max_udp_payload = qc->max_udp_payload;
        cc_qc->odcid = qc->odcid;
        cc_qc->dcid = qc->dcid;
        cc_qc->scid = qc->scid;
@@ -757,6 +758,7 @@ static struct quic_conn_closed *qc_new_cc_conn(struct quic_conn *qc)
        cc_qc->idle_timer_task->context = cc_qc;
        cc_qc->idle_expire = qc->idle_expire;
 
+       cc_qc->cntrs = qc->cntrs;
        cc_qc->conn = qc->conn;
        qc->conn = NULL;