BUG/MINOR: quic: Missing padding for short packets

This was revealed by Amaury when setting tune.quic.frontend.max-streams-bidi to 8 and asking a client to open 12 streams. haproxy has to send short packets with little MAX_STREAMS frames encoded with 2 bytes. In addition to a packet number encoded with only one byte. In the case <len_frms> is the length of the encoded frames to be added to the packet plus the length of the packet number. Ensure the length of the packet is at least QUIC_PACKET_PN_MAXLEN adding a PADDING frame wich (QUIC_PACKET_PN_MAXLEN - <len_frms>) as size. For instance with a two bytes MAX_STREAMS frames and a one byte packet number length, this adds one byte of padding. See https://datatracker.ietf.org/doc/html/rfc9001#name-header-protection-sample. Must be backported to 2.7 and 2.6.
2025-09-24 23:31:40 +02:00 · 2023-02-16 17:30:53 +01:00 · 2023-02-16 17:30:53 +01:00 · 5faf577997
commit 5faf577997
parent 35218c6357
1 changed files with 4 additions and 1 deletions
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@ -7277,7 +7277,10 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end,
 		padding_len -= quic_int_getsize(len + padding_len) - len_sz;
 		len += padding_len;
 	}
-	else if (LIST_ISEMPTY(&frm_list) || len_frms == len) {
+	else if (len_frms && len_frms < QUIC_PACKET_PN_MAXLEN) {
+		len += padding_len = QUIC_PACKET_PN_MAXLEN - len_frms;
+	}
+	else if (LIST_ISEMPTY(&frm_list)) {
 		if (qel->pktns->tx.pto_probe) {
 			/* If we cannot send a frame, we send a PING frame. */
 			add_ping_frm = 1;