mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 07:37:02 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic: reject packet with no frame

Browse Source 
RFC 9000 indicates that a QUIC packet with no frame must trigger a
connection closure with PROTOCOL_VIOLATION error code. Implement this
via an early return inside qc_parse_pkt_frms().

This should be backported up to 2.6.
This commit is contained in:
Amaury Denoyelle 2023-10-09 10:42:35 +02:00
parent f59f8326f9
commit a4c59f5b9e
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/quic_rx.c
View File

@ -942,6 +942,20 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
pos = pkt->data + pkt->aad_len; pos = pkt->data + pkt->aad_len;
end = pkt->data + pkt->len; end = pkt->data + pkt->len;
/* Packet with no frame. */
if (pos == end) {
/* RFC9000 12.4. Frames and Frame Types
*
* The payload of a packet that contains frames MUST contain at least
* one frame, and MAY contain multiple frames and multiple frame types.
* An endpoint MUST treat receipt of a packet containing no frames as a
* connection error of type PROTOCOL_VIOLATION. Frames always fit within
* a single QUIC packet and cannot span multiple packets.
*/
quic_set_connection_close(qc, quic_err_transport(QC_ERR_PROTOCOL_VIOLATION));
goto leave;
}
while (pos < end) { while (pos < end) {
if (!qc_parse_frm(&frm, pkt, &pos, end, qc)) { if (!qc_parse_frm(&frm, pkt, &pos, end, qc)) {
// trace already emitted by function above // trace already emitted by function above