BUG/MINOR: quic-be: unchecked connections during handshakes
authorFrederic Lecaille <flecaille@haproxy.com>
Mon, 20 Oct 2025 12:27:12 +0000 (14:27 +0200)
committerFrederic Lecaille <flecaille@haproxy.com>
Mon, 20 Oct 2025 12:27:12 +0000 (14:27 +0200)
This bug impacts only the backends.

The ->conn (pointer to struct connection) member validity of the ssl_sock_ctx
struct was not checked before being dereferenced, leading to possible crashes
in qc_ssl_do_hanshake() during handshake.

This was reported in GH issue #3163.

No need to backport because the QUIC backend support arrived with 3.3

src/quic_ssl.c

index 31220ff77b9eb781c2caaa2580fd302bf997e180..6e315ca489b95cdef051bd00e414fc8373779d49 100644 (file)
@@ -977,7 +977,7 @@ int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
                                goto err;
                        }
                }
-               else {
+               else if (ctx->conn) {
                        const unsigned char *alpn;
                        size_t alpn_len;
 
@@ -998,6 +998,9 @@ int qc_ssl_do_hanshake(struct quic_conn *qc, struct ssl_sock_ctx *ctx)
                        ctx->conn->mux->wake(ctx->conn);
                        qc->mux_state = QC_MUX_READY;
                }
+               else {
+                       TRACE_PROTO("could not start the mux", QUIC_EV_CONN_IO_CB, qc);
+               }
 
                qc->flags |= QUIC_FL_CONN_NEED_POST_HANDSHAKE_FRMS;
                if (!qc_is_back(qc)) {
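Review bot: When `ctx->conn` is NULL the new `else` branch only emits a trace, and execution then falls through to `qc->flags |= QUIC_FL_CONN_NEED_POST_HANDSHAKE_FRMS;` with `qc->mux_state` never set to `QC_MUX_READY`, so the backend handshake carries on without a mux and without reporting anything to the caller. If a missing connection here means the backend connection has already been released, this is presumably better handled as a failure (`goto err;`, as the branch at the top of the first hunk does) or at least documented in place, e.g. `/* no connection attached to this ssl_sock_ctx anymore: no mux to start */`. The author should confirm which, since the code between the two hunks and the rest of qc_ssl_do_hanshake() lie outside the visible lines. The trace would also be easier to triage if it named the cause, `TRACE_PROTO("no connection attached, could not start the mux", QUIC_EV_CONN_IO_CB, qc);`. Separately, the guarded block still dereferences `ctx->conn->mux` at the `wake()` call, and whether `mux` is guaranteed non-NULL there depends on lines not shown in the hunk.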