BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns

This bug arrived with this naive commit: BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only) which omitted to consider the case where the Initial packet number space could be discarded before receiving 0-RTT packets. To fix this, append/insert the O-RTT (early-data) packet number space into the encryption level list depending on the presence or not of the Initial packet number space. This issue was revealed when using aws-lc as TLS stack in GH #2701 issue. Thank you to @Tristan971 for having reported this issue. Must be backported where the commit mentionned above is supposed to be backported: as far as 2.9.
2026-04-20 22:01:49 -04:00 · 2024-09-03 15:10:25 +02:00 · 2024-09-03 15:10:25 +02:00 · 7e19432fd4
commit 7e19432fd4
parent f8bff3b531
1 changed files with 6 additions and 2 deletions
--- a/src/quic_tls.c
+++ b/src/quic_tls.c
@ -252,8 +252,12 @@ static int quic_conn_enc_level_init(struct quic_conn *qc,
 	 * Here early-data is added after the Initial encryption level which is
 	 * always already present.
 	 */
-	if (level == ssl_encryption_early_data)
-		LIST_APPEND(&qc->iel->list, &qel->list);
+	if (level == ssl_encryption_early_data) {
+		if (qc->iel)
+			LIST_APPEND(&qc->iel->list, &qel->list);
+		else
+			LIST_INSERT(&qc->qel_list, &qel->list);
+	}
 	else
 		LIST_APPEND(&qc->qel_list, &qel->list);
 	*el = qel;