From f09be89a52d717163a16d77a9cfaabe7f1456dfd Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Mon, 5 Oct 2020 13:02:53 +0100
Subject: QUIC: do not resend empty queue when speeding up handshake.

If client acknowledged an Initial packet with CRYPTO frame and then
sent another Initial packet containing duplicate CRYPTO again, this
could result in resending frames off the empty send queue.
---
 src/event/ngx_event_quic.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index 0c32be355..f503c48ba 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -2846,6 +2846,7 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
 {
     uint64_t                   last;
     ngx_int_t                  rc;
+    ngx_quic_send_ctx_t       *ctx;
     ngx_quic_connection_t     *qc;
     ngx_quic_crypto_frame_t   *f;
     ngx_quic_frames_stream_t  *fs;
@@ -2871,7 +2872,11 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
     /* speeding up handshake completion */
 
     if (pkt->level == ssl_encryption_initial) {
-        ngx_quic_resend_frames(c, ngx_quic_get_send_ctx(qc, pkt->level));
+        ctx = ngx_quic_get_send_ctx(qc, pkt->level);
+
+        if (!ngx_queue_empty(&ctx->sent)) {
+            ngx_quic_resend_frames(c, ctx);
+        }
     }
 
     return NGX_OK;
-- 
cgit