MINOR: quic: Wrong Initial packet connection initialization ->qc (QUIC connection) member of packet structure were badly initialized when received as second Initial packet (from picoquic -Q for instance). This leaded to corrupt the quic_conn structure with random behaviors as size effects. This bug came with this commit: "MINOR: quic: Possible wrong connection identification"

commit: f67b35620e9310f446923312ba0ce765359f8a47 [log] [tgz]
author: Frédéric Lécaille <flecaille@haproxy.com> Mon Nov 15 16:21:40 2021 +0100
committer: Frédéric Lécaille <flecaille@haproxy.com> Fri Nov 19 14:37:35 2021 +0100
tree: 1bf2c13cf724cbd5975b5f5170ef162c2f09cc5d
parent: ca98a7f9c01ec03b152dbb8de9e1e953e583caf8 [diff]
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index a5740db..d451160 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c

@@ -3759,9 +3759,9 @@
 			}
 			HA_RWLOCK_WRUNLOCK(QUIC_LOCK, &l->rx.cids_lock);
 
-			pkt->qc = qc;
 			if (n == &qc->odcid_node) {
 				/* Enqueue this packet. */
+				pkt->qc = qc;
 				MT_LIST_APPEND(&l->rx.pkts, &pkt->rx_list);
 				/* Try to accept a new connection. */
 				listener_accept(l);
@@ -3769,6 +3769,7 @@
 			else {
 				quic_conn_free(qc);
 				qc = ebmb_entry(n, struct quic_conn, odcid_node);
+				pkt->qc = qc;
 			}
 
 			/* This is the DCID node sent in this packet by the client. */
commit	f67b35620e9310f446923312ba0ce765359f8a47	[log] [tgz]
author	Frédéric Lécaille <flecaille@haproxy.com>	Mon Nov 15 16:21:40 2021 +0100
committer	Frédéric Lécaille <flecaille@haproxy.com>	Fri Nov 19 14:37:35 2021 +0100
tree	1bf2c13cf724cbd5975b5f5170ef162c2f09cc5d
parent	ca98a7f9c01ec03b152dbb8de9e1e953e583caf8 [diff]