BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure

On quic_tx_packet allocation failure, it is possible to trigger a BUG_ON()
crash on INITIAL packet building. This statement is responsible for
ensuring INITIAL packets are padded to 1.200 bytes as required. If the
allocation of a packet on a higher encryption level fails, the PADDING frame
cannot be properly encoded, despite the INITIAL packet being properly built.

This crash happens due to the qc_txb_store() invocation after a quic_tx_packet
allocation failure to validate already built packets. However, this
statement is unneeded as qc_purge_tx_buf() is called just after. Simply
remove qc_txb_store() to fix this issue.

This was detected using -dMfail.

This should be backported up to 2.6.
Amaury Denoyelle 2024-06-20 17:54:04 +02:00
parent 5718c67c19
commit d5376b7a87


@ -584,8 +584,6 @@ static int qc_prep_pkts(struct quic_conn *qc, struct buffer *buf,
if (!cur_pkt) {
switch (err) {
case QC_BUILD_PKT_ERR_ALLOC:
if (first_pkt)
qc_txb_store(buf, dglen, first_pkt);
qc_purge_tx_buf(qc, buf);
break;
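
Review bot: In the QC_BUILD_PKT_ERR_ALLOC case, once the "if (first_pkt) qc_txb_store(buf, dglen, first_pkt);" pair is gone, the branch goes straight to qc_purge_tx_buf(qc, buf) with nothing in the code saying why the already built first_pkt is deliberately not stored. A one-line comment above qc_purge_tx_buf() stating that packets built so far are discarded on allocation failure, and that storing them first can hit the INITIAL padding BUG_ON(), would keep the call from being reintroduced later. It is also worth confirming that first_pkt itself is released on this path, since the visible lines only show the buffer being purged.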