From d5376b7a874776b4d5d79f9b746d4654df796f85 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Thu, 20 Jun 2024 17:54:04 +0200
Subject: [PATCH] BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure

On quic_tx_packet allocation failure, it is possible to trigger BUG_ON() crash on INITIAL packet building. This statement is responsible to ensure INITIAL packets are padded to 1.200 bytes as required. If a packet on higher encryption level allocation fails, PADDING frame cannot properly encoded, despite the INITIAL packet properly built. This crash happens due to qc_txb_store() invokation after quic_tx_packet allocation failure to validate already built packets. However, this statement is unneeded as qc_purge_tx_buf() is called just after. Simply remove qc_txb_store() to fix this issue. This was detected using -dMfail. This should be backported up to 2.6.

---
 src/quic_tx.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/quic_tx.c b/src/quic_tx.c
index c963688ae..a2e9524c2 100644
--- a/src/quic_tx.c
+++ b/src/quic_tx.c
@@ -584,8 +584,6 @@ static int qc_prep_pkts(struct quic_conn *qc, struct buffer *buf,
 if (!cur_pkt) {
 switch (err) {
 case QC_BUILD_PKT_ERR_ALLOC:
- if (first_pkt)
- qc_txb_store(buf, dglen, first_pkt);
 qc_purge_tx_buf(qc, buf);
 break;