From cd138c33d82cc889fe6a16d18806fbe939279d25 Mon Sep 17 00:00:00 2001
From: Hugo Landau <hlandau@openssl.org>
Date: Tue, 10 Oct 2023 12:19:29 +0100
Subject: QUIC APL: Fix incoming default stream popping

Fixes #22106

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22333)
---
 ssl/quic/quic_impl.c         | 12 ++++++++++--
 test/quic_multistream_test.c | 23 ++++++++++++++++++++++-
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 86020a450a..29a283dca0 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -1836,6 +1836,7 @@ static int qc_wait_for_default_xso_for_read(QCTX *ctx)
     QUIC_STREAM *qs;
     int res;
     struct quic_wait_for_stream_args wargs;
+    OSSL_RTT_INFO rtt_info;
 
     /*
      * If default stream functionality is disabled or we already detached
@@ -1890,8 +1891,15 @@ static int qc_wait_for_default_xso_for_read(QCTX *ctx)
     }
 
     /*
-     * We now have qs != NULL. Make it the default stream, creating the
-     * necessary XSO.
+     * We now have qs != NULL. Remove it from the incoming stream queue so that
+     * it isn't also returned by any future SSL_accept_stream calls.
+     */
+    ossl_statm_get_rtt_info(ossl_quic_channel_get_statm(qc->ch), &rtt_info);
+    ossl_quic_stream_map_remove_from_accept_queue(ossl_quic_channel_get_qsm(qc->ch),
+                                                  qs, rtt_info.smoothed_rtt);
+
+    /*
+     * Now make qs the default stream, creating the necessary XSO.
      */
     qc_set_default_xso(qc, create_xso_from_stream(qc, qs), /*touch=*/0);
     if (qc->default_xso == NULL)
diff --git a/test/quic_multistream_test.c b/test/quic_multistream_test.c
index 58b0831ebb..e4663ece17 100644
--- a/test/quic_multistream_test.c
+++ b/test/quic_multistream_test.c
@@ -4902,6 +4902,26 @@ static const struct script_op script_76[] = {
     OP_END
 };
 
+static const struct script_op script_77[] = {
+    OP_C_SET_ALPN           ("ossltest")
+    OP_C_CONNECT_WAIT       ()
+
+    OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT)
+
+    OP_S_NEW_STREAM_BIDI    (a, S_BIDI_ID(0))
+    OP_S_WRITE              (a, "Strawberry", 10)
+
+    OP_C_READ_EXPECT        (DEFAULT, "Strawberry", 10)
+
+    OP_S_NEW_STREAM_BIDI    (b, S_BIDI_ID(1))
+    OP_S_WRITE              (b, "xyz", 3)
+
+    OP_C_ACCEPT_STREAM_WAIT (b)
+    OP_C_READ_EXPECT        (b, "xyz", 3)
+
+    OP_END
+};
+
 static const struct script_op *const scripts[] = {
     script_1,
     script_2,
@@ -4978,7 +4998,8 @@ static const struct script_op *const scripts[] = {
     script_73,
     script_74,
     script_75,
-    script_76
+    script_76,
+    script_77
 };
 
 static int test_script(int idx)
-- 
cgit v1.2.3