From f67b35620e9310f446923312ba0ce765359f8a47 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Mon, 15 Nov 2021 16:21:40 +0100
Subject: [PATCH] MINOR: quic: Wrong Initial packet connection initialization

->qc (QUIC connection) member of packet structure were badly initialized when received as second Initial packet (from picoquic -Q for instance). This leaded to corrupt the quic_conn structure with random behaviors as size effects. This bug came with this commit: "MINOR: quic: Possible wrong connection identification"
---
 src/xprt_quic.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index a5740db..d451160 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -3759,9 +3759,9 @@ static ssize_t qc_lstnr_pkt_rcv(unsigned char **buf, const unsigned char *end,
 }
 HA_RWLOCK_WRUNLOCK(QUIC_LOCK, &l->rx.cids_lock);
- pkt->qc = qc;
 if (n == &qc->odcid_node) {
 /* Enqueue this packet. */
+ pkt->qc = qc;
 MT_LIST_APPEND(&l->rx.pkts, &pkt->rx_list);
 /* Try to accept a new connection. */
 listener_accept(l);
@@ -3769,6 +3769,7 @@ static ssize_t qc_lstnr_pkt_rcv(unsigned char **buf, const unsigned char *end,
 else {
 quic_conn_free(qc);
 qc = ebmb_entry(n, struct quic_conn, odcid_node);
+ pkt->qc = qc;
 }
 /* This is the DCID node sent in this packet by the client. */
-- 
1.7.10.4
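Review bot: The moved `pkt->qc = qc;` in the if-branch of the first hunk sits before `MT_LIST_APPEND(&l->rx.pkts, &pkt->rx_list)`, and nothing in the code says that this ordering is load-bearing: once the packet is on `l->rx.pkts` and `listener_accept(l)` runs, it is presumably reachable from the accept path (possibly on another thread), so a later "tidy-up" hoisting the assignment below the if/else would publish a packet whose `->qc` is still unset or stale — the very class of corruption this commit fixes. I would pin the invariant with a comment above the assignment: `/* Must be set before the packet is published on l->rx.pkts: listener_accept() may consume it. */`. The enclosing qc_lstnr_pkt_rcv() starts and ends outside the hunk, so whether a consumer really runs before this function returns cannot be confirmed here.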
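Review bot: In the else-branch of the second hunk, `pkt->qc` now points at the connection already registered in the tree (`ebmb_entry(n, struct quic_conn, odcid_node)`), but `HA_RWLOCK_WRUNLOCK(QUIC_LOCK, &l->rx.cids_lock)` was released before this point (visible in the first hunk) and nothing here takes a reference on that connection. If another thread can free the earlier connection in that window — cannot be told from the hunk — `pkt->qc` is a dangling pointer for the rest of the function, which is the same use-after-free shape this commit repairs for the freshly allocated `qc` that `quic_conn_free()` releases. Either a comment stating what keeps `*n` alive past the unlock (e.g. `/* n was found under cids_lock; its quic_conn stays alive because ... */`) or performing the `ebmb_entry()` lookup and assignment while the lock is still held would make the lifetime explicit. The function continues past the hunk, where `pkt->qc` is presumably dereferenced.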