BUG/MINOR: mux-quic: free task on qc_init() app ops failure

qc_init() is used to initialize a QUIC MUX instance. On failure, each resources are released via a series of goto statements. There is one issue if the app_ops.init callback fails. In this case, MUX task is not freed. This can cause a crash as the task is already scheduled. When the handler will run, it will crash when trying to access qcc instance. To fix this, properly destroy qcc task on fail_install_app_ops label. The impact of this bug is minor as app_ops.init callback succeeds most of the time. However, it may fail on allocation failure due to memory exhaustion. This may fix github issue #2154. This must be backported up to 2.7.
2025-04-04 15:19:52 +00:00 · 2023-05-12 16:29:48 +02:00 · 2023-05-12 16:29:48 +02:00 · ee65efbfae
commit ee65efbfae
parent 6c501ed23b
1 changed files with 1 additions and 0 deletions
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@ -2569,6 +2569,7 @@ static int qc_init(struct connection *conn, struct proxy *prx,
 fail_install_app_ops:
 	if (qcc->app_ops && qcc->app_ops->release)
 		qcc->app_ops->release(qcc->ctx);
+	task_destroy(qcc->task);
 fail_no_timeout_task:
 	tasklet_free(qcc->wait_event.tasklet);
 fail_no_tasklet: