From 29a1d3679b704766eccd4935a4b7ff8fd16f7190 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Fri, 2 Jun 2023 16:56:16 +0200
Subject: [PATCH] BUG/MINOR: quic: Possible crash when SSL session init fails
This is due to the fact that qc->conn is never initialized before calling qc_ssl_sess_init(). Must be backported as far as 2.6.
---
 src/quic_conn.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 459c22aded..f0a0df7cc2 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6733,7 +6733,7 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl,
 *ssl = SSL_new(ssl_ctx);
 if (!*ssl) {
 if (!retry--)
- goto err;
+ goto leave;
 pool_gc(NULL);
 goto retry;
@@ -6744,7 +6744,7 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl,
 SSL_free(*ssl);
 *ssl = NULL;
 if (!retry--)
- goto err;
+ goto leave;
 pool_gc(NULL);
 goto retry;
@@ -6754,10 +6754,6 @@ static int qc_ssl_sess_init(struct quic_conn *qc, SSL_CTX *ssl_ctx, SSL **ssl,
 leave:
 TRACE_LEAVE(QUIC_EV_CONN_NEW, qc);
 return ret;
-
- err:
- qc->conn->err_code = CO_ER_SSL_NO_MEM;
- goto leave;
 }
 /* Allocate the ssl_sock_ctx from connection . This creates the tasklet
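Review bot: The two give-up paths, `goto leave` after `SSL_new()` fails in the first hunk and the same jump in the hunk at -6744, now return without recording anything about the failure, because the last hunk removes the only place that set `CO_ER_SSL_NO_MEM`. The caller therefore learns of it only through `ret`, whose failure value must still be in place at both jumps; its initialisation is above the hunks (the function starts outside them) and should be confirmed. I would add a trace before each jump, for example `TRACE_ERROR("SSL_new() failed", QUIC_EV_CONN_NEW, qc);`, so that repeated allocation failures under memory pressure show up in traces. A comment next to the jumps such as `/* qc->conn is not set yet at this stage: report failure through the return value only */` would keep the NULL dereference from being reintroduced later.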