Dev news

Commit cfd4dca5c9 for openssl.org

commit cfd4dca5c946d93e06bdf28f196ab9f989a26400
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date:   Wed Mar 18 09:59:31 2026 +0100

    quic_channel.c: check the setters return values

    ...and call them before updating QUIC_CHANNEL parameters.
    Unchecked return value has been initially reported by Coverity
    for ossl_quic_rxfc_init() call in ossl_quic_channel_set_max_data_request(),
    but also seems to be relevant for ossl_quic_channel_set_max_streams_request()
    and ossl_quic_channel_set_ack_delay_exponent_request().

    Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1689768
    Fixes: 35dc6c353bfe "QUIC: Make more transport parameters configurable"
    Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

    Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Wed Apr  8 10:05:25 2026
    (Merged from https://github.com/openssl/openssl/pull/30485)

diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index 8727202793..e14d7cd8c9 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -4145,9 +4145,13 @@ int ossl_quic_channel_set_max_data_request(QUIC_CHANNEL *ch, uint64_t max_data)
     if (ossl_quic_channel_have_generated_transport_params(ch))
         return 0;

+    if (!ossl_quic_rxfc_init(&ch->conn_rxfc, NULL,
+            max_data, DEFAULT_CONN_RXFC_MAX_WND_MUL * max_data,
+            get_time, ch))
+        return 0;
+
     ch->tx_init_max_data = max_data;
-    ossl_quic_rxfc_init(&ch->conn_rxfc, NULL,
-        max_data, DEFAULT_CONN_RXFC_MAX_WND_MUL * max_data, get_time, ch);
+
     return 1;
 }

@@ -4201,11 +4205,17 @@ int ossl_quic_channel_set_max_streams_request(QUIC_CHANNEL *ch, uint64_t max_str
         return 0;

     if (is_uni) {
+        if (!ossl_quic_rxfc_init_standalone(&ch->max_streams_uni_rxfc,
+                max_streams, get_time, ch))
+            return 0;
+
         ch->tx_init_max_streams_uni = max_streams;
-        ossl_quic_rxfc_init_standalone(&ch->max_streams_uni_rxfc, max_streams, get_time, ch);
     } else {
+        if (!ossl_quic_rxfc_init_standalone(&ch->max_streams_bidi_rxfc,
+                max_streams, get_time, ch))
+            return 0;
+
         ch->tx_init_max_streams_bidi = max_streams;
-        ossl_quic_rxfc_init_standalone(&ch->max_streams_bidi_rxfc, max_streams, get_time, ch);
     }

     return 1;
@@ -4226,8 +4236,11 @@ int ossl_quic_channel_set_ack_delay_exponent_request(QUIC_CHANNEL *ch, uint64_t
     if (ossl_quic_channel_have_generated_transport_params(ch))
         return 0;

+    if (!ossl_quic_tx_packetiser_set_ack_delay_exponent(ch->txp, (uint32_t)exp))
+        return 0;
+
     ch->tx_ack_delay_exp = (unsigned char)exp;
-    ossl_quic_tx_packetiser_set_ack_delay_exponent(ch->txp, (uint32_t)exp);
+
     return 1;
 }