Commit 275dab58f0 for openssl.org
commit 275dab58f07deb08e148e954c096a6d005e2c548
Author: Sunwoo Lee <sunwoolee@kentech.ac.kr>
Date: Sat Mar 28 08:58:41 2026 +0900
quic: remove unused scid from port_default_packet_handler
Remove the scid variable entirely from port_default_packet_handler()
and all functions that accept it as a parameter. The scid was never
used meaningfully — cur_remote_dcid is set later during the handshake.
Remove scid parameter from:
- port_bind_channel()
- port_validate_token()
- ossl_quic_channel_on_new_conn()
- ossl_quic_bind_channel()
- ch_on_new_conn_common()
Remove the cur_remote_dcid = *peer_scid assignment in
ch_on_new_conn_common() as it wrote dead data.
CWE-457
Reported-by: Sunwoo Lee <sunwoolee@kentech.ac.kr>
CLA: trivial
Reviewed-by: Saša NedvÄ›dický <sashan@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Wed Apr 8 10:21:55 2026
(Merged from https://github.com/openssl/openssl/pull/30611)
diff --git a/include/internal/quic_channel.h b/include/internal/quic_channel.h
index 147642d0fb..1cfd6495b0 100644
--- a/include/internal/quic_channel.h
+++ b/include/internal/quic_channel.h
@@ -297,7 +297,6 @@ void ossl_quic_channel_on_new_conn_id(QUIC_CHANNEL *ch,
/* Temporarily exposed during QUIC_PORT transition. */
int ossl_quic_channel_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
- const QUIC_CONN_ID *peer_scid,
const QUIC_CONN_ID *peer_dcid);
/* For use by QUIC_PORT. You should not need to call this directly. */
@@ -540,8 +539,7 @@ uint64_t ossl_quic_channel_get_active_conn_id_limit_request(const QUIC_CHANNEL *
uint64_t ossl_quic_channel_get_active_conn_id_limit_peer_request(const QUIC_CHANNEL *ch);
int ossl_quic_bind_channel(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
- const QUIC_CONN_ID *scid, const QUIC_CONN_ID *dcid,
- const QUIC_CONN_ID *odcid);
+ const QUIC_CONN_ID *dcid, const QUIC_CONN_ID *odcid);
void ossl_quic_channel_set_tcause(QUIC_CHANNEL *ch, uint64_t app_error_code,
const char *app_reason);
diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index ab33e66efd..fe819b4b2f 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -3672,7 +3672,6 @@ static void ch_on_idle_timeout(QUIC_CHANNEL *ch)
* @return 1 on success, 0 on failure to set required elements.
*/
static int ch_on_new_conn_common(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
- const QUIC_CONN_ID *peer_scid,
const QUIC_CONN_ID *peer_dcid,
const QUIC_CONN_ID *peer_odcid)
{
@@ -3681,7 +3680,6 @@ static int ch_on_new_conn_common(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
return 0;
ch->init_dcid = *peer_dcid;
- ch->cur_remote_dcid = *peer_scid;
ch->odcid.id_len = 0;
if (peer_odcid != NULL)
@@ -3725,7 +3723,6 @@ static int ch_on_new_conn_common(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
/* Called when we, as a server, get a new incoming connection. */
int ossl_quic_channel_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
- const QUIC_CONN_ID *peer_scid,
const QUIC_CONN_ID *peer_dcid)
{
if (!ossl_assert(ch->state == QUIC_CHANNEL_STATE_IDLE && ch->is_server))
@@ -3735,7 +3732,7 @@ int ossl_quic_channel_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
if (!ossl_quic_lcidm_generate_initial(ch->lcidm, ch, &ch->cur_local_cid))
return 0;
- return ch_on_new_conn_common(ch, peer, peer_scid, peer_dcid, NULL);
+ return ch_on_new_conn_common(ch, peer, peer_dcid, NULL);
}
/**
@@ -3762,7 +3759,6 @@ int ossl_quic_channel_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
* met (e.g., channel is not idle or not a server, or binding fails).
*/
int ossl_quic_bind_channel(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
- const QUIC_CONN_ID *peer_scid,
const QUIC_CONN_ID *peer_dcid,
const QUIC_CONN_ID *peer_odcid)
{
@@ -3781,7 +3777,7 @@ int ossl_quic_bind_channel(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
* peer_odcid <=> is initial dst conn id chosen by peer in its
* first initial packet we received without token.
*/
- return ch_on_new_conn_common(ch, peer, peer_scid, peer_dcid, peer_odcid);
+ return ch_on_new_conn_common(ch, peer, peer_dcid, peer_odcid);
}
SSL *ossl_quic_channel_get0_ssl(QUIC_CHANNEL *ch)
diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index c6184623bc..5b891581dc 100644
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -810,7 +810,7 @@ static void port_rx_pre(QUIC_PORT *port)
* to *new_ch.
*/
static void port_bind_channel(QUIC_PORT *port, const BIO_ADDR *peer,
- const QUIC_CONN_ID *scid, const QUIC_CONN_ID *dcid,
+ const QUIC_CONN_ID *dcid,
const QUIC_CONN_ID *odcid, OSSL_QRX *qrx,
QUIC_CHANNEL **new_ch)
{
@@ -860,7 +860,7 @@ static void port_bind_channel(QUIC_PORT *port, const BIO_ADDR *peer,
* See RFC 9000 s. 8.1
*/
ossl_quic_tx_packetiser_set_validated(ch->txp);
- if (!ossl_quic_bind_channel(ch, peer, scid, dcid, odcid)) {
+ if (!ossl_quic_bind_channel(ch, peer, dcid, odcid)) {
ossl_quic_channel_free(ch);
return;
}
@@ -869,7 +869,7 @@ static void port_bind_channel(QUIC_PORT *port, const BIO_ADDR *peer,
* No odcid means we didn't do server validation, so we need to
* generate a cid via ossl_quic_channel_on_new_conn
*/
- if (!ossl_quic_channel_on_new_conn(ch, peer, scid, dcid)) {
+ if (!ossl_quic_channel_on_new_conn(ch, peer, dcid)) {
ossl_quic_channel_free(ch);
return;
}
@@ -1416,8 +1416,7 @@ static void port_send_version_negotiation(QUIC_PORT *port, BIO_ADDR *peer,
* configurable in the future.
*/
static int port_validate_token(QUIC_PKT_HDR *hdr, QUIC_PORT *port,
- BIO_ADDR *peer, QUIC_CONN_ID *odcid,
- QUIC_CONN_ID *scid, uint8_t *gen_new_token)
+ BIO_ADDR *peer, QUIC_CONN_ID *odcid, uint8_t *gen_new_token)
{
int ret = 0;
QUIC_VALIDATION_TOKEN token = { 0 };
@@ -1477,11 +1476,9 @@ static int port_validate_token(QUIC_PKT_HDR *hdr, QUIC_PORT *port,
!= 0)
goto err;
*odcid = token.odcid;
- *scid = token.rscid;
} else {
if (!ossl_quic_lcidm_get_unused_cid(port->lcidm, odcid))
goto err;
- *scid = hdr->src_conn_id;
}
/*
@@ -1570,7 +1567,7 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
PACKET pkt;
QUIC_PKT_HDR hdr;
QUIC_CHANNEL *ch = NULL, *new_ch = NULL;
- QUIC_CONN_ID odcid, scid;
+ QUIC_CONN_ID odcid;
uint8_t gen_new_token = 0;
OSSL_QRX *qrx = NULL;
OSSL_QRX *qrx_src = NULL;
@@ -1720,8 +1717,7 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
*/
if (hdr.token != NULL
&& port_validate_token(&hdr, port, &e->peer,
- &odcid, &scid,
- &gen_new_token)
+ &odcid, &gen_new_token)
== 0) {
/*
* RFC 9000 s 8.1.3
@@ -1754,7 +1750,7 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
qrx = NULL;
}
- port_bind_channel(port, &e->peer, &scid, &hdr.dst_conn_id,
+ port_bind_channel(port, &e->peer, &hdr.dst_conn_id,
&odcid, qrx, &new_ch);
/*