QUIC: fixed possible segfault on handshake failures.
authorJan Svojanovsky <jan.svojanovsky@cdn77.com>
Tue, 9 Dec 2025 11:27:02 +0000 (12:27 +0100)
committerSergey Kandaurov <s.kandaurov@f5.com>
Tue, 9 Dec 2025 17:25:10 +0000 (21:25 +0400)
When using OpenSSL 3.5, the crypto_release_rcd QUIC callback can be
called late, after the QUIC connection was already closed on handshake
failure, resulting in a segmentation fault.  For instance, it happened
if a client Finished message didn't align with a record boundary.

src/event/quic/ngx_event_quic_ssl.c

index a502431f42df1e7df76e9fb129579bb3a70374f0..18992ae1be6fc18d440f2cb19dd3788d8210c3c0 100644 (file)
@@ -185,7 +185,13 @@ ngx_quic_cbs_release_rcd(ngx_ssl_conn_t *ssl_conn, size_t bytes_read, void *arg)
     ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                    "quic ngx_quic_cbs_release_rcd len:%uz", bytes_read);
 
+    /* already closed on handshake failure */
+
     qc = ngx_quic_get_connection(c);
+    if (qc == NULL) {
+        return 1;
+    }
+
     ctx = ngx_quic_get_send_ctx(qc, qc->read_level);
 
     cl = ngx_quic_read_buffer(c, &ctx->crypto, bytes_read);
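Review bot: The new guard at `if (qc == NULL)` returns 1 without consuming the `bytes_read` that OpenSSL reported, and the comment above it only names the cause, not why that return value is the right answer; since the function's other return paths lie outside this hunk I cannot confirm from here that 1 is the success code in this callback contract, so the comment should state it, e.g. `/* already closed on handshake failure: nothing left to release, report success */`, and sit directly above the check rather than before the assignment. The debug log two lines earlier still dereferences `c->log` before the guard, which is fine only if the connection object outlives the QUIC context detachment that makes `ngx_quic_get_connection()` return NULL; if that is the intended lifetime ordering, a short note there would help the next reader. The same late-callback window presumably applies to the sibling QUIC TLS callbacks in this file that also call `ngx_quic_get_connection()`; it is worth confirming each of them carries an equivalent NULL check rather than relying on OpenSSL never invoking them after close. The body of `ngx_quic_cbs_release_rcd` begins and ends outside the hunk.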