From 205312023af40b8991d0c087dab436c96a6a3e8f Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Wed, 27 May 2026 15:35:34 +0200 Subject: [PATCH] BUG/MEDIUM: qmux: do not crash on receiving an invalid first frame With QMux, each peer has to first emit a transport parameters frame. If the received frame is different, xprt_qmux handshake cannot proceed. This patch removes the BUG_ON() in this case, replacing it with a safer connection closure. In the future, a graceful close with CONNECTION_CLOSE frame should be implemented. No need to backport. --- src/xprt_qmux.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/xprt_qmux.c b/src/xprt_qmux.c index 56e68edba..e544f559a 100644 --- a/src/xprt_qmux.c +++ b/src/xprt_qmux.c @@ -106,7 +106,8 @@ int conn_recv_qmux(struct connection *conn, struct xprt_qmux_ctx *ctx, int flag) goto fail; /* TODO close connection with TRANSPORT_PARAMETER_ERROR if frame not present. */ - BUG_ON(frm.type != QUIC_FT_QX_TRANSPORT_PARAMETERS); + if (frm.type != QUIC_FT_QX_TRANSPORT_PARAMETERS) + goto fail; if (!qc_parse_frm_payload(&frm, &pos, end, NULL)) goto fail; -- 2.47.3