BUG/MINOR: quic-sock: do not double free session on conn init failure
In quic_session_accept, the connection is in charge of calling the
quic-conn start callback. If this callback fails for whatever reason,
there is a crash because of an explicit session_free.
This happens because the connection is now the owner of the session due
to the previous conn_complete_session call. It will automatically call
session_free. Fix this by skipping the session_free explicit invocation
on error.
In practice, currently this has never happened as there are only limited
cases of failures for conn_xprt_start for QUIC.
diff --git a/src/quic_sock.c b/src/quic_sock.c
index 1aa0015..3baf3fd 100644
--- a/src/quic_sock.c
+++ b/src/quic_sock.c
@@ -66,8 +66,16 @@
if (conn_complete_session(cli_conn) < 0)
goto out_free_sess;
- if (conn_xprt_start(cli_conn) >= 0)
- return 1;
+ if (conn_xprt_start(cli_conn) < 0) {
+ /* conn_complete_session has succeeded : conn is the owner of
+ * the session and the MUX is initialized.
+ * Let the MUX free all resources on error.
+ */
+ cli_conn->mux->destroy(cli_conn->ctx);
+ return -1;
+ }
+
+ return 1;
out_free_sess:
/* prevent call to listener_release during session_free. It will be
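Review bot: the new `conn_xprt_start(cli_conn) < 0` branch dereferences `cli_conn->mux` in `cli_conn->mux->destroy(cli_conn->ctx)` without a check, relying only on the comment's claim that the MUX is initialized once conn_complete_session has succeeded. An assertion on `cli_conn->mux` before the call would make that ownership invariant explicit and fail loudly if it is ever broken. The branch also returns before `out_free_sess`, whose comment says it prevents a call to listener_release during session_free. Please confirm that the session release reached through the MUX destroy does not need that same guard, and say so in the comment. Finally, the commit message describes the fix as skipping the explicit session_free but does not mention the added `mux->destroy` call, which is the part that actually releases the resources. A sentence on that would help anyone backporting this.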