BUG/MINOR: quic-sock: do not double free session on conn init failure

In the quic_session_accept, connection is in charge to call the quic-conn start callback. If this callback fails for whatever reason, there is a crash because of an explicit session_free. This happens because the connection is now the owner of the session due to previous conn_complete_session call. It will automatically calls session_free. Fix this by skipping the session_free explicit invocation on error. In practice, currently this has never happened as there is only limited cases of failures for conn_xprt_start for QUIC.
2025-01-25 23:12:54 +00:00 · 2022-04-13 16:58:26 +02:00 · 2022-04-13 16:58:26 +02:00 · 622ec4166b
commit 622ec4166b
parent 2461bd534a
1 changed files with 10 additions and 2 deletions
--- a/src/quic_sock.c
+++ b/src/quic_sock.c
@ -66,8 +66,16 @@ int quic_session_accept(struct connection *cli_conn)
 	if (conn_complete_session(cli_conn) < 0)
 		goto out_free_sess;

-	if (conn_xprt_start(cli_conn) >= 0)
-		return 1;
+	if (conn_xprt_start(cli_conn) < 0) {
+		/* conn_complete_session has succeeded : conn is the owner of
+		 * the session and the MUX is initialized.
+		 * Let the MUX free all resources on error.
+		 */
+		cli_conn->mux->destroy(cli_conn->ctx);
+		return -1;
+	}
+
+	return 1;

 out_free_sess:
 	/* prevent call to listener_release during session_free. It will be