BUG/MINOR: quic: ensure a detached coalesced packet can't access its neighbours

Reset ->prev and ->next fields of a coalesced TX packet to ensure it cannot access
several times its neighbours after it is supposed to be detached from them calling
quic_tx_packet_dgram_detach().

There are two cases where a packet can be coalesced to another previous built one:
this is when it is built into the same datagrame without GSO (and flagged flag with
QUIC_FL_TX_PACKET_COALESCED) or when sent from the same sendto() syscall with GOS
(not flagged with QUIC_FL_TX_PACKET_COALESCED).

This fix may be in relation with GH #2839.

Must be backported as far as 2.6.

(cherry picked from commit cb729fb64d18815fd73e48d24f0d58a830aee63c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit d3eb23c684269d22a5d9059b38018c76c4926c3b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/include/haproxy/quic_tx.h b/include/haproxy/quic_tx.h
index 55530d9..031feb0 100644 (file)
--- a/include/haproxy/quic_tx.h
+++ b/include/haproxy/quic_tx.h
@@ -58,6 +58,7 @@ static inline void quic_tx_packet_dgram_detach(struct quic_tx_packet *pkt)
                pkt->prev->next = pkt->next;
        if (pkt->next)
                pkt->next->prev = pkt->prev;
+       pkt->prev = pkt->next = NULL;
 }