RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-18 03:26:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: quic: Avoid starting the mux if no ALPN sent by the client

Browse Source 
If the client does not sent an ALPN, the SSL ALPN negotiation callback
is not called. However, the handshake is reported as successful. Check
just after SSL_do_handshake if an ALPN was negotiated. If not, emit a
CONNECTION_CLOSE with a TLS alert to close the connection.

This prevent a crash in qcc_install_app_ops() called with null as second
parameter value.
This commit is contained in:
Frédéric Lécaille 2022-04-13 16:20:09 +02:00 committed by Amaury Denoyelle
parent 186354beac
commit bc964bd1ae
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/xprt_quic.c
View File

@ -2068,6 +2068,14 @@ static inline int qc_provide_cdata(struct quic_enc_level *el,
}
TRACE_PROTO("SSL handshake OK", QUIC_EV_CONN_IO_CB, qc, &state);
/* Check the alpn could be negotiated */
if (!qc->app_ops) {
TRACE_PROTO("No ALPN", QUIC_EV_CONN_IO_CB, qc, &state);
quic_set_tls_alert(qc, SSL_AD_NO_APPLICATION_PROTOCOL);
goto err;
}
/* I/O callback switch */
ctx->wait_event.tasklet->process = quic_conn_app_io_cb;
if (qc_is_listener(ctx->qc)) {