From 9f14d82553160261d18fea2da4da24b7cc650c59 Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Thu, 3 Dec 2020 15:44:53 +0700
Subject: [PATCH] fix a crash in the http3.Server when GetConfigForClient
 returns nil

---
 http3/server.go      | 16 +++++++++++-----
 http3/server_test.go | 16 ++++++++++++++++
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/http3/server.go b/http3/server.go
index 414f92661..e8f0cd8ec 100644
--- a/http3/server.go
+++ b/http3/server.go
@@ -140,18 +140,24 @@ func (s *Server) serveImpl(tlsConf *tls.Config, conn net.PacketConn) error {
 			if qconn, ok := ch.Conn.(handshake.ConnWithVersion); ok && qconn.GetQUICVersion() == quic.VersionDraft32 {
 				proto = nextProtoH3Draft32
 			}
-			conf := tlsConf
+			config := tlsConf
 			if tlsConf.GetConfigForClient != nil {
 				getConfigForClient := tlsConf.GetConfigForClient
 				var err error
-				conf, err = getConfigForClient(ch)
+				conf, err := getConfigForClient(ch)
 				if err != nil {
 					return nil, err
 				}
+				if conf != nil {
+					config = conf
+				}
 			}
-			conf = conf.Clone()
-			conf.NextProtos = []string{proto}
-			return conf, nil
+			if config == nil {
+				return nil, nil
+			}
+			config = config.Clone()
+			config.NextProtos = []string{proto}
+			return config, nil
 		},
 	}
 
diff --git a/http3/server_test.go b/http3/server_test.go
index d5cd5c3cf..31b49a00e 100644
--- a/http3/server_test.go
+++ b/http3/server_test.go
@@ -616,6 +616,22 @@ var _ = Describe("Server", func() {
 			Expect(conf.NextProtos).To(Equal([]string{"foo", "bar"}))
 			checkGetConfigForClientVersions(receivedConf)
 		})
+
+		It("works if GetConfigForClient returns a nil tls.Config", func() {
+			tlsConf := &tls.Config{GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) { return nil, nil }}
+
+			var receivedConf *tls.Config
+			quicListenAddr = func(addr string, conf *tls.Config, _ *quic.Config) (quic.EarlyListener, error) {
+				receivedConf = conf
+				return nil, errors.New("listen err")
+			}
+			s.TLSConfig = tlsConf
+			Expect(s.ListenAndServe()).To(HaveOccurred())
+			conf, err := receivedConf.GetConfigForClient(&tls.ClientHelloInfo{})
+			Expect(err).ToNot(HaveOccurred())
+			Expect(conf).ToNot(BeNil())
+			checkGetConfigForClientVersions(receivedConf)
+		})
 	})
 
 	It("closes gracefully", func() {