mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-04-05 02:51:44 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic: close conn on packet reception with incompatible frame

Browse Source 
RFC 9000 lists each supported frames and the type of packets in which it
can be present.

Prior to this patch, a packet with an incompatible frame is dropped.
However, QUIC specification mandates that the connection is immediately
closed with PROTOCOL_VIOLATION error code. This patch completes
qc_parse_frm() to add such connection closure.

This must be backported up to 2.6.
This commit is contained in:
Amaury Denoyelle 2026-03-30 09:38:13 +02:00
parent b7d1c2f91d
commit 08cc37a554
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/quic_frame.c
View File

@ -1185,7 +1185,14 @@ int qc_parse_frm(struct quic_frame *frm, struct quic_rx_packet *pkt,
parser = qf_parser(frm->type);
if (!(parser->mask & (1U << pkt->type))) {
/* RFC 9000 12.4. Frames and Frame Types
*
* An endpoint MUST treat
* receipt of a frame in a packet type that is not permitted as a
* connection error of type PROTOCOL_VIOLATION.
*/
TRACE_DEVEL("unauthorized frame", QUIC_EV_CONN_PRSFRM, qc, frm);
quic_set_connection_close(qc, quic_err_transport(QC_ERR_PROTOCOL_VIOLATION));
goto leave;
}