RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-03-25 04:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: quic: always remove the connection from the accept list on close

Browse Source 
Fred managed to reproduce a crash showing a corrupted accept_list when
firing thousands of concurrent picoquicdemo clients to a same instance.
It may happen if the connection was placed into the accept_list and
immediately closed before being processed (e.g. on error or t/o ?).

In any case the quic_conn_release() function should always detach a
connection to be deleted from any list, like it does for other lists,
so let's add an MT_LIST_DELETE() here.

This should be backported to 2.6.
This commit is contained in:
Willy Tarreau 2022-08-10 07:26:27 +02:00
parent f0f92b2db8
commit 54bc78693d
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/xprt_quic.c
View File

@ -4084,6 +4084,11 @@ static void quic_conn_release(struct quic_conn *qc)
/* We must not free the quic-conn if the MUX is still allocated. */
BUG_ON(qc->mux_state == QC_MUX_READY);
/* in the unlikely (but possible) case the connection was just added to
* the accept_list we must delete it from there.
*/
MT_LIST_DELETE(&qc->accept_list);
/* free remaining stream descriptors */
node = eb64_first(&qc->streams_by_id);
while (node) {