From 0e25783d47edfc8efeb53a3c1a93aca270af1890 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Tue, 16 Nov 2021 10:54:19 +0100 Subject: [PATCH] MINOR: quic: Wrong ACK range building When adding a range, if no "lower" range was present in the ack range root for the packet number space concerned, we did not check if the new added range could overlap the next one. This leaded haproxy to crash when encoding negative integer when building ACK frames. This bug was revealed thanks to "multi_packet_client_hello" QUIC tracker test which makes a client send two first Initial packets out of order. --- src/xprt_quic.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/xprt_quic.c b/src/xprt_quic.c index d451160..0407cc7 100644 --- a/src/xprt_quic.c +++ b/src/xprt_quic.c @@ -2592,6 +2592,8 @@ int quic_update_ack_ranges_list(struct quic_arngs *arngs, new_node = quic_insert_new_range(arngs, ar); if (!new_node) return 0; + + new = &new_node->first; } else { struct quic_arng_node *le_ar = -- 1.7.10.4