BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure

On quic_tx_packet allocation failure, it is possible to trigger a BUG_ON()
crash on INITIAL packet building. This statement is responsible for
ensuring INITIAL packets are padded to 1.200 bytes as required. If a
packet on higher encryption level allocation fails, PADDING frame cannot
be properly encoded, despite the INITIAL packet being properly built.

This crash happens due to qc_txb_store() invocation after quic_tx_packet
allocation failure to validate already built packets. However, this
statement is unneeded as qc_purge_tx_buf() is called just after. Simply
remove qc_txb_store() to fix this issue.

This was detected using -dMfail.

This should be backported up to 2.6.

(cherry picked from commit d5376b7a874776b4d5d79f9b746d4654df796f85)
[cf: ctx adjt]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
Amaury Denoyelle 2024-06-20 17:54:04 +02:00 committed by Christopher Faulet
parent 83bd975406
commit 078cb85b89

@ -601,8 +601,6 @@ static int qc_prep_pkts(struct quic_conn *qc, struct buffer *buf,
probe, cc, &err);
switch (err) {
case -3:
if (first_pkt)
qc_txb_store(buf, dglen, first_pkt);
qc_purge_tx_buf(qc, buf);
goto leave;
case -2:
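Review bot: in the case -3 arm, once the "if (first_pkt)" / "qc_txb_store(buf, dglen, first_pkt);" pair is removed, nothing in the arm says why the datagram built so far is purged without being stored. A one-line comment above "qc_purge_tx_buf(qc, buf);" stating that the purge discards everything already built, and that storing first can hit the INITIAL padding BUG_ON(), would keep the call from being reintroduced later. It is also worth confirming that first_pkt and any packets already built behind it are released on this path, since the visible lines go straight from the purge to "goto leave" with no other cleanup. The hunk as rendered here has lost its +/- markers; the header counts (8 lines to 6) and the commit message identify those two lines as the removal.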