From aeb2f28ca76faf01b19273776ffaef19e811df2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Tue, 5 Sep 2023 10:12:27 +0200 Subject: [PATCH] BUG/MINOR: quic: Unchecked pointer to Handshake packet number space It is possible that there are still Initial crypto data in flight without Handshake crypto data in flight. This is very rare but possible. This issue was reported by handshakeloss interop test with quic-go as client and @chipitsine in GH #2279. No need to backport.
---
 src/quic_tx.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/quic_tx.c b/src/quic_tx.c
index 46dd6bad8..67c57efb5 100644
--- a/src/quic_tx.c
+++ b/src/quic_tx.c
@@ -1333,7 +1333,8 @@ int qc_dgrams_retransmit(struct quic_conn *qc)
 if (!LIST_ISEMPTY(&hfrms))
 hpktns->tx.pto_probe = 1;
 qc->iel->retrans_frms = &ifrms;
- qc->hel->retrans_frms = &hfrms;
+ if (qc->hel)
+ qc->hel->retrans_frms = &hfrms;
 if (!qc_send_hdshk_pkts(qc, 1, qc->iel, qc->hel))
 goto leave;
 /* Put back unsent frames in their packet number spaces */
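Review bot: The added `if (qc->hel)` guard covers only the `retrans_frms` assignment; the very next line still passes `qc->hel` to `qc_send_hdshk_pkts(qc, 1, qc->iel, qc->hel)`, and `hpktns->tx.pto_probe = 1` two lines earlier dereferences a Handshake pointer that is set outside the hunk. If the Handshake level can be absent here, both need to be safe: presumably `hfrms` is always empty in that case and the callee accepts a NULL second level, but neither is visible in this hunk and should be confirmed, since the commit message describes the path as reachable under packet loss and a leftover NULL dereference would crash the process. I would record the invariant next to the guard, e.g. `/* qc->hel may be NULL: Initial data can be in flight with no Handshake level; hfrms is then empty and qc_send_hdshk_pkts() must tolerate a NULL next level */`. The body of qc_dgrams_retransmit starts and ends outside the hunk.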