From 5faf577997314bcfbc25c8eef35b682058d2a999 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Thu, 16 Feb 2023 17:30:53 +0100 Subject: [PATCH] BUG/MINOR: quic: Missing padding for short packets This was revealed by Amaury when setting tune.quic.frontend.max-streams-bidi to 8 and asking a client to open 12 streams. haproxy has to send short packets with little MAX_STREAMS frames encoded with 2 bytes. In addition to a packet number encoded with only one byte. In the case is the length of the encoded frames to be added to the packet plus the length of the packet number. Ensure the length of the packet is at least QUIC_PACKET_PN_MAXLEN adding a PADDING frame wich (QUIC_PACKET_PN_MAXLEN - ) as size. For instance with a two bytes MAX_STREAMS frames and a one byte packet number length, this adds one byte of padding. See https://datatracker.ietf.org/doc/html/rfc9001#name-header-protection-sample. Must be backported to 2.7 and 2.6. --- src/quic_conn.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/quic_conn.c b/src/quic_conn.c index 83188c428..4d22a49b4 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -7277,7 +7277,10 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end, padding_len -= quic_int_getsize(len + padding_len) - len_sz; len += padding_len; } - else if (LIST_ISEMPTY(&frm_list) || len_frms == len) { + else if (len_frms && len_frms < QUIC_PACKET_PN_MAXLEN) { + len += padding_len = QUIC_PACKET_PN_MAXLEN - len_frms; + } + else if (LIST_ISEMPTY(&frm_list)) { if (qel->pktns->tx.pto_probe) { /* If we cannot send a frame, we send a PING frame. */ add_ping_frm = 1;