From: Frederic Lecaille Date: Fri, 17 Oct 2025 08:47:52 +0000 (+0200) Subject: BUG/MAJOR: quic: uninitialized quic_conn_closed struct members X-Git-Tag: v3.3-dev10~9 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=56d15b2a03c52ed7e2ee14200bbf2c04024cd490;p=thirdparty%2Fhaproxy.git BUG/MAJOR: quic: uninitialized quic_conn_closed struct members A quic_conn_closed struct is initialized to replace the quic_conn when the connection enters the closing to reduce the connection memory footprint. ->max_udp_payload quic_conn_close was not initialized leading to possible BUG_ON()s in qc_rcv_buf() when comparing the RX buf size to this payload. ->cntrs counters were alon not initialized with the only consequence to generate wrong values for these counters. Must be backported as far as 2.9.
---
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 95f8216d5..af17d43f0 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -745,6 +745,7 @@ static struct quic_conn_closed *qc_new_cc_conn(struct quic_conn *qc)
 cc_qc->bytes.tx = qc->bytes.tx;
 cc_qc->bytes.rx = qc->bytes.rx;
+ cc_qc->max_udp_payload = qc->max_udp_payload;
 cc_qc->odcid = qc->odcid;
 cc_qc->dcid = qc->dcid;
 cc_qc->scid = qc->scid;
@@ -757,6 +758,7 @@ static struct quic_conn_closed *qc_new_cc_conn(struct quic_conn *qc)
 cc_qc->idle_timer_task->context = cc_qc;
 cc_qc->idle_expire = qc->idle_expire;
+ cc_qc->cntrs = qc->cntrs;
 cc_qc->conn = qc->conn;
 qc->conn = NULL;
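Review bot: The added `cc_qc->max_udp_payload = qc->max_udp_payload;` here and `cc_qc->cntrs = qc->cntrs;` in the second hunk each repair one member, but qc_new_cc_conn() still fills the quic_conn_closed field by field, so a member added later and read on the closing path would again hold whatever the allocator left behind. The allocation itself is outside both hunks; if it does not zero the object, a zeroing allocation (`pool_zalloc()`) or a `memset(cc_qc, 0, sizeof(*cc_qc));` right after it would make a forgotten member read as 0 instead of stale heap contents. That would not replace these two copies, since a zero max_udp_payload would presumably still fail the size comparison in qc_rcv_buf(), but it would make the failure deterministic and keep leftover data out of the counters. A short comment at the first assignment, such as `/* required: qc_rcv_buf() compares the RX buffer size against this */`, would record why the copy must not be dropped.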