From: Amaury Denoyelle Date: Mon, 13 Apr 2026 06:47:01 +0000 (+0200) Subject: BUG/MINOR: xprt_qstrm: do not parse record length on read again X-Git-Tag: v3.4-dev9~103 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=b8145fa5d4be12aa6f2f6d0367589e7bffa4ba55;p=thirdparty%2Fhaproxy.git BUG/MINOR: xprt_qstrm: do not parse record length on read again conn_recv_qstrm() may be called several times per connection if the read data is too short and a truncated record is received. Previously, record length was parsed every time the function is invoked. However, this must only be performed if record length varint is incomplete. Once read and parsed, data are removed from the buffer via b_quic_dec_int(). Thus, next conn_recv_qstrm() run will reread an invalid record length this time. This patch fixes this by only parsing record length if member is null. Prior to it, parsing of QMux transport parameters would fail in case of a first truncated read, which would prevent the connection initialization. No need to backport. --- diff --git a/src/xprt_qstrm.c b/src/xprt_qstrm.c index 38f527d48..2c5b147f0 100644 --- a/src/xprt_qstrm.c +++ b/src/xprt_qstrm.c @@ -81,7 +81,7 @@ int conn_recv_qstrm(struct connection *conn, struct xprt_qstrm_ctx *ctx, int fla goto not_ready; /* Read record length. */ - if (!b_quic_dec_int(&ctx->rxrlen, buf, NULL)) + if (!ctx->rxrlen && !b_quic_dec_int(&ctx->rxrlen, buf, NULL)) goto not_ready; /* Reject too small or too big records. */