BUG/MINOR: mux-quic: fix potential NULL deref on qcc_release()
authorAmaury Denoyelle <adenoyelle@haproxy.com>
Wed, 8 Apr 2026 12:58:08 +0000 (14:58 +0200)
committerAmaury Denoyelle <adenoyelle@haproxy.com>
Fri, 10 Apr 2026 08:20:52 +0000 (10:20 +0200)
In qcc_release(), <conn> may be NULL. Thus every access on it must be
tested.

With recent QMux introduction, a call to conn_is_quic() has been added
prior to registration of the stream rejection callback. It could lead to
NULL deref as <conn> is not tested there. Fix this by adding an extra
check on the pointer validity.

No need to backport.

src/mux_quic.c

index 732a3367196111491ffc42b0c403cd0fe81f61d5..234dfe1c00bf69b02af0e6779beb5d84df57dca2 100644 (file)
@@ -3463,7 +3463,7 @@ static void qcc_release(struct qcc *qcc)
        if (qcc->app_ops) {
                if (qcc->app_ops->release)
                        qcc->app_ops->release(qcc->ctx);
-               if (conn_is_quic(conn) && conn->handle.qc)
+               if (conn && conn_is_quic(conn) && conn->handle.qc)
                        conn->handle.qc->strm_reject = qcc->app_ops->strm_reject;
        }
        TRACE_PROTO("application layer released", QMUX_EV_QCC_END, conn);
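Review bot: Nothing in the code records that `conn` can be NULL in qcc_release(); the new guard on the `strm_reject` registration line is the only hint, and the commit message says this same omission is how the unchecked `conn_is_quic(conn)` call got in. I would add a comment just above the condition, for example `/* <conn> may be NULL on release: test it before any dereference */`, so the next access added to this teardown path is written with the check. The body of qcc_release() starts and ends outside the hunk, so whether the other uses of `conn` are guarded cannot be confirmed from here. That includes the `conn` argument passed to `TRACE_PROTO` on the last context line, which presumably tolerates NULL but is worth verifying. A NULL dereference here would presumably crash the process during connection release, so this is an availability concern rather than a cosmetic one.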