mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-27 05:41:10 +01:00
Code Issues Projects Releases Wiki Activity

MINOR: quic: ensure offset is properly set for STREAM frames

Browse Source 
Care must be taken when reading/writing offset for STREAM frames. A
special OFF bit is set in the frame type to indicate that the field is
present. If not set, it is assumed that offset is 0.

To represent this, offset field of quic_stream structure must always be
initialized with a valid value in regards with its frame type OFF bit.

The previous code has no bug in part because pool_zalloc() is used to
allocate quic_frame instances. To be able to use pool_alloc(), offset is
always explicitely set to 0. If a non-null value is used, OFF bit is set
at the same occasion. A new BUG_ON() statement is added on frame builder
to ensure that the caller has set OFF bit if offset is non null.

This should be backported up to 2.7.
This commit is contained in:
Amaury Denoyelle 2023-02-02 16:45:07 +01:00
parent 2216b0866e
commit 1dac018d9f
3 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/mux_quic.c
View File

@ -1436,6 +1436,7 @@ static int qcs_build_stream_frm(struct qcs *qcs, struct buffer *out, char fin,
frm->stream.id = qcs->id; frm->stream.id = qcs->id;
frm->stream.buf = out; frm->stream.buf = out;
frm->stream.data = (unsigned char *)b_peek(out, head); frm->stream.data = (unsigned char *)b_peek(out, head);
frm->stream.offset.key = 0;
/* FIN is positioned only when the buffer has been totally emptied. */ /* FIN is positioned only when the buffer has been totally emptied. */
if (fin) if (fin)

3
src/quic_conn.c
View File

@ -6857,8 +6857,7 @@ static inline int qc_build_frms(struct list *outlist, struct list *inlist,
new_cf->stream.stream = cf->stream.stream; new_cf->stream.stream = cf->stream.stream;
new_cf->stream.buf = cf->stream.buf; new_cf->stream.buf = cf->stream.buf;
new_cf->stream.id = cf->stream.id; new_cf->stream.id = cf->stream.id;
if (cf->type & QUIC_STREAM_FRAME_TYPE_OFF_BIT) new_cf->stream.offset = cf->stream.offset;
new_cf->stream.offset = cf->stream.offset;
new_cf->stream.len = dlen; new_cf->stream.len = dlen;
new_cf->type |= QUIC_STREAM_FRAME_TYPE_LEN_BIT; new_cf->type |= QUIC_STREAM_FRAME_TYPE_LEN_BIT;
/* FIN bit reset */ /* FIN bit reset */

4
src/quic_frame.c
View File

@ -507,6 +507,10 @@ static int quic_build_stream_frame(unsigned char **buf, const unsigned char *end
struct quic_stream *stream = &frm->stream; struct quic_stream *stream = &frm->stream;
const unsigned char *wrap; const unsigned char *wrap;
/* Caller must set OFF bit if and only if a non-null offset is used. */
BUG_ON(!!(frm->type & QUIC_STREAM_FRAME_TYPE_OFF_BIT) !=
!!stream->offset.key);
if (!quic_enc_int(buf, end, stream->id) || if (!quic_enc_int(buf, end, stream->id) ||
((frm->type & QUIC_STREAM_FRAME_TYPE_OFF_BIT) && !quic_enc_int(buf, end, stream->offset.key)) || ((frm->type & QUIC_STREAM_FRAME_TYPE_OFF_BIT) && !quic_enc_int(buf, end, stream->offset.key)) ||
((frm->type & QUIC_STREAM_FRAME_TYPE_LEN_BIT) && ((frm->type & QUIC_STREAM_FRAME_TYPE_LEN_BIT) &&