From 6aeaa73d3972198c22e6345bd2d91706ed6e89f3 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Mon, 3 Jul 2023 17:16:31 +0200
Subject: [PATCH] BUG/MINOR: quic: Possible crash in "show quic" dumping packet number spaces
This bug was introduced by this commit:
MEDIUM: quic: Release encryption levels and packet number spaces asap
Add some checks before derefencing pointers to packet number spaces objects to dump them from "show quic" command.
No backport needed.
---
 src/quic_conn.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 24686e082f..5964dda1ad 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -8808,14 +8808,22 @@ static void dump_quic_full(struct show_quic_ctx *ctx, struct quic_conn *qc)
 
 /* Packet number spaces information */
 pktns = qc->ipktns;
- chunk_appendf(&trash, " [initl] rx.ackrng=%-6zu tx.inflight=%-6zu",
- pktns->rx.arngs.sz, pktns->tx.in_flight);
+ if (pktns) {
+ chunk_appendf(&trash, " [initl] rx.ackrng=%-6zu tx.inflight=%-6zu",
+ pktns->rx.arngs.sz, pktns->tx.in_flight);
+ }
+
 pktns = qc->hpktns;
- chunk_appendf(&trash, " [hndshk] rx.ackrng=%-6zu tx.inflight=%-6zu\n",
- pktns->rx.arngs.sz, pktns->tx.in_flight);
+ if (pktns) {
+ chunk_appendf(&trash, " [hndshk] rx.ackrng=%-6zu tx.inflight=%-6zu\n",
+ pktns->rx.arngs.sz, pktns->tx.in_flight);
+ }
+
 pktns = qc->apktns;
- chunk_appendf(&trash, " [01rtt] rx.ackrng=%-6zu tx.inflight=%-6zu\n",
- pktns->rx.arngs.sz, pktns->tx.in_flight);
+ if (pktns) {
+ chunk_appendf(&trash, " [01rtt] rx.ackrng=%-6zu tx.inflight=%-6zu\n",
+ pktns->rx.arngs.sz, pktns->tx.in_flight);
+ }
 
 chunk_appendf(&trash, " srtt=%-4u rttvar=%-4u rttmin=%-4u ptoc=%-4u cwnd=%-6llu"
 " mcwnd=%-6llu sentpkts=%-6llu lostpkts=%-6llu\n",
-- 
2.47.3
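Review bot: The `[initl]` format string still has no trailing newline, so now that each block is guarded separately, a connection with `qc->ipktns` set and `qc->hpktns` NULL leaves that line unterminated and the `[01rtt]` or `srtt=` text is appended to it. Whether that state is reachable depends on when the spaces are allocated and released, which this hunk does not show; adding `else if (qc->ipktns) chunk_appendf(&trash, "\n");` after the handshake block keeps the output well-formed either way. A one-line comment above the first guard, such as `/* a packet number space pointer is NULL once the space has been released */`, would record why the checks are needed. dump_quic_full() starts and ends outside the hunk, so any other dereference of these three pointers elsewhere in the function would need the same guard.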