# HG changeset patch # User Roman Arutyunyan # Date 1716902361 -14400 # Node ID 5c6649b4308f6c13d70bcb4357199e4a8e1226f3 # Parent bbdcab20d67e5605b106fd3446ae9395ef04d6b4 QUIC: ngx_quic_buffer_t use-after-free protection. Previously the last chain field of ngx_quic_buffer_t could still reference freed chains and buffers after calling ngx_quic_free_buffer(). While normally an ngx_quic_buffer_t object should not be used after freeing, resetting last_chain field would prevent a potential use-after-free. diff -r bbdcab20d67e -r 5c6649b4308f src/event/quic/ngx_event_quic_frames.c --- a/src/event/quic/ngx_event_quic_frames.c Tue May 28 17:19:08 2024 +0400 +++ b/src/event/quic/ngx_event_quic_frames.c Tue May 28 17:19:21 2024 +0400 @@ -648,6 +648,7 @@ ngx_quic_free_chain(c, qb->chain); qb->chain = NULL; + qb->last_chain = NULL; }
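Review bot: the added `qb->last_chain = NULL;` at the end of the hunk has no comment, and without the commit message it reads as redundant next to `qb->chain = NULL;`. A one-line comment saying that last_chain referenced the chain just released by `ngx_quic_free_chain(c, qb->chain);` would keep the reset from being dropped in a later cleanup. The visible context clears only these two pointers. If ngx_quic_buffer_t carries any other state that describes the freed chain, reset it at the same place so that an object reused after ngx_quic_free_buffer() starts out consistently empty.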