MINOR: quic: Wrong datagram buffer passed to quic_lstnr_dgram_dispatch()
The same datagram could be passed to quic_lstnr_dgram_dispatch() before
being consumed by qc_lstnr_pkt_rcv() leading to a wrong decryption for the packet
number decryption, then a decryption error for the data. This was due to
a wrong datagram buffer passed to quic_lstnr_dgram_dispatch(). The datagram data
which must be passed to quic_lstnr_dgram_dispatch() are the same as the one
passed to recvfrom().
diff --git a/src/quic_sock.c b/src/quic_sock.c
index 087a65d..9a1e5b0 100644
--- a/src/quic_sock.c
+++ b/src/quic_sock.c
@@ -176,6 +176,7 @@
size_t max_sz, cspace;
socklen_t saddrlen;
struct quic_dgram *dgram, *dgramp, *new_dgram;
+ unsigned char *dgram_buf;
BUG_ON(!l);
@@ -224,11 +225,13 @@
b_add(buf, cspace);
if (b_contig_space(buf) < max_sz)
goto out;
+
}
+ dgram_buf = (unsigned char *)b_tail(buf);
saddrlen = sizeof saddr;
do {
- ret = recvfrom(fd, b_tail(buf), max_sz, 0,
+ ret = recvfrom(fd, dgram_buf, max_sz, 0,
(struct sockaddr *)&saddr, &saddrlen);
if (ret < 0) {
if (errno == EINTR)
@@ -240,8 +243,8 @@
} while (0);
b_add(buf, ret);
- if (!quic_lstnr_dgram_dispatch((unsigned char *)b_head(buf), ret,
- l, &saddr, new_dgram, &rxbuf->dgrams)) {
+ if (!quic_lstnr_dgram_dispatch(dgram_buf, ret, l, &saddr,
+ new_dgram, &rxbuf->dgrams)) {
/* If wrong, consume this datagram */
b_del(buf, ret);
}