h3: fix query of concurrent streams

Queries gave wrong value or ran into NULL pointers when called at times when connection filter was not fully initialized. Closes #17886
2026-01-18 17:21:26 +01:00 · 2025-07-10 13:18:03 +02:00
parent 74a94e699a
commit 695eee432f
3 changed files with 5 additions and 4 deletions
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -2750,7 +2750,7 @@ static CURLcode cf_h2_query(struct Curl_cfilter *cf,
    DEBUGASSERT(pres1);

    CF_DATA_SAVE(save, cf, data);
-    if(nghttp2_session_check_request_allowed(ctx->h2) == 0) {
+    if(!ctx->h2 || !nghttp2_session_check_request_allowed(ctx->h2)) {
      /* the limit is what we have in use right now */
      effective_max = CONN_ATTACHED(cf->conn);
    }
--- a/lib/vquic/curl_osslq.c
+++ b/lib/vquic/curl_osslq.c
@@ -2304,8 +2304,9 @@ static CURLcode cf_osslq_query(struct Curl_cfilter *cf,
  case CF_QUERY_MAX_CONCURRENT: {
 #ifdef SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL
    /* Added in OpenSSL v3.3.x */
-    uint64_t v;
-    if(!SSL_get_value_uint(ctx->tls.ossl.ssl, SSL_VALUE_CLASS_GENERIC,
+    uint64_t v = 0;
+    if(ctx->tls.ossl.ssl &&
+       !SSL_get_value_uint(ctx->tls.ossl.ssl, SSL_VALUE_CLASS_GENERIC,
                           SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, &v)) {
      CURL_TRC_CF(data, cf, "error getting available local bidi streams");
      return CURLE_HTTP3;
--- a/lib/vquic/curl_quiche.c
+++ b/lib/vquic/curl_quiche.c
@@ -1516,7 +1516,7 @@ static CURLcode cf_quiche_query(struct Curl_cfilter *cf,
  switch(query) {
  case CF_QUERY_MAX_CONCURRENT: {
    curl_uint64_t max_streams = CONN_ATTACHED(cf->conn);
-    if(!ctx->goaway) {
+    if(!ctx->goaway && ctx->qconn) {
      max_streams += quiche_conn_peer_streams_left_bidi(ctx->qconn);
    }
    *pres1 = (max_streams > INT_MAX) ? INT_MAX : (int)max_streams;