From 136dcd404828546ea5d9457eead3ac05182dd496 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Fri, 22 Dec 2023 16:07:10 +0100
Subject: [PATCH] BUG/MINOR: h3: disable fast-forward on buffer alloc failure

If QCS Tx buffer cannot be allocated in nego_ff callback, disable
fast-forward for this connection and return immediately. If snd_buf is
later finally used but still no buffer can being allocated, the
connection will be closed on error.

This should fix coverity reported in github issue #2390.

This should be backported up to 2.9.

(cherry picked from commit cfa6d4cdd058ea112c461349a39d095ba96825e4)
[cf: qcc_get_stream_txbuf() does not exist. Result of mux_get_buf() is tested
     instead]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
---
 src/h3.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/h3.c b/src/h3.c
index 099f123..590ce62 100644
--- a/src/h3.c
+++ b/src/h3.c
@@ -2007,8 +2007,11 @@ static size_t h3_nego_ff(struct qcs *qcs, size_t count)
 
 	h3_debug_printf(stderr, "%s\n", __func__);
 
-	/* FIXME: no check on ALLOC ? */
 	res = mux_get_buf(qcs);
+	if (!res) {
+		qcs->sd->iobuf.flags |= IOBUF_FL_NO_FF;
+		goto end;
+	}
 
 	/* h3 DATA headers : 1-byte frame type + varint frame length */
 	hsize = 1 + QUIC_VARINT_MAX_SIZE;
-- 
1.7.10.4