From 577fe488902aaf9bcab7f5ac6d14be4465238c62 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Mon, 11 Jan 2021 15:10:06 +0100
Subject: [PATCH] BUG/MINOR: quic: Possible NULL pointer dereferencing when dumping streams.

This bug may occur when displaying streams traces. It came with this commit: 242fb1b63 ("MINOR: quic: Drop packets with STREAM frames with wrong direction.").
---
 src/xprt_quic.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index e4609d3413..1c8e9de851 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -574,14 +574,17 @@ static void quic_trace(enum trace_level level, uint64_t mask, const struct trace
 if (mask & QUIC_EV_CONN_PSTRM) {
 const struct quic_frame *frm = a2;
- const struct quic_stream *s = &frm->stream;
-
- chunk_appendf(&trace_buf, " uni=%d fin=%d id=%llu off=%llu len=%llu",
- !!(s->id & QUIC_STREAM_FRAME_ID_DIR_BIT),
- !!(frm->type & QUIC_STREAM_FRAME_TYPE_FIN_BIT),
- (unsigned long long)s->id,
- (unsigned long long)s->offset,
- (unsigned long long)s->len);
+
+ if (a2) {
+ const struct quic_stream *s = &frm->stream;
+
+ chunk_appendf(&trace_buf, " uni=%d fin=%d id=%llu off=%llu len=%llu",
+ !!(s->id & QUIC_STREAM_FRAME_ID_DIR_BIT),
+ !!(frm->type & QUIC_STREAM_FRAME_TYPE_FIN_BIT),
+ (unsigned long long)s->id,
+ (unsigned long long)s->offset,
+ (unsigned long long)s->len);
+ }
 }
 }
 if (mask & QUIC_EV_CONN_LPKT) {
-- 
2.47.3
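Review bot: The new guard in the QUIC_EV_CONN_PSTRM branch tests `a2` while every dereference goes through `frm`; testing the typed pointer, `if (frm) {`, keeps the check and the use on the same name and stays correct if `frm` is ever derived differently. A short comment above it, for example `/* a2 may be NULL: this event can be traced without a parsed STREAM frame */`, would record why the check exists; the commit message points at 242fb1b63 as the origin, but the call site is not visible here, so the wording should be confirmed against it. quic_trace's body starts and ends outside the hunk, so whether the neighbouring event branches (such as QUIC_EV_CONN_LPKT just below) dereference their optional arguments without a check cannot be judged from these lines. Since this path presumably runs while handling frames received from a peer, a NULL dereference here would crash the process whenever tracing is enabled, which makes a pass over the other branches worthwhile.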