Commit 6983b5c36d for openssl.org

commit 6983b5c36d8be64fd0548c339cbbbd9642d647d3
Author: Alexandr Nedvedicky <sashan@openssl.org>
Date:   Mon Apr 13 12:39:25 2026 +0200

    port_default_packet_handler() should not attempt to parse QUIC packet
    header when destination connection id is not present. To save CPU cycles.

    Issue has been noticed and kindly reported by Dan Carpenter via
    openssl-users@ mailing list.

    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    Reviewed-by: Matt Caswell <matt@openssl.foundation>
    MergeDate: Thu Apr 16 22:59:33 2026
    (Merged from https://github.com/openssl/openssl/pull/30795)

diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index 644b4e0fe5..e9af8b21b2 100644
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -1599,6 +1599,13 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
     if (!port->allow_incoming)
         goto undesirable;

+    /*
+     * packet without destination connection id is invalid/corrupted here.
+     * stop wasting CPU cycles now.
+     */
+    if (dcid == NULL)
+        goto undesirable;
+
     /*
      * We have got a packet for an unknown DCID. This might be an attempt to
      * open a new connection.