mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-09 16:47:18 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: quic: reject HANDSHAKE_DONE as server

Browse Source 
As specified in RFC 9000, a client must never emit a HANDSHAKE_DONE
frame. If this happens, the server must close the connection with error
PROTOCOL VIOLATION.

Previously, such a frame was silently discarded on server side. The
connection remained opened which is not conformant to the specification.

This should be backported up to 2.6.
This commit is contained in:
Amaury Denoyelle 2024-02-14 18:13:08 +01:00
parent 80b82c2192
commit cc29ab437e
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/quic_rx.c
View File

@ -1056,6 +1056,14 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
if (qc_is_listener(qc)) { if (qc_is_listener(qc)) {
TRACE_ERROR("non accepted QUIC_FT_HANDSHAKE_DONE frame", TRACE_ERROR("non accepted QUIC_FT_HANDSHAKE_DONE frame",
QUIC_EV_CONN_PRSHPKT, qc); QUIC_EV_CONN_PRSHPKT, qc);
/* RFC 9000 19.20. HANDSHAKE_DONE Frames
*
* A
* server MUST treat receipt of a HANDSHAKE_DONE frame as a connection
* error of type PROTOCOL_VIOLATION.
*/
quic_set_connection_close(qc, quic_err_transport(QC_ERR_PROTOCOL_VIOLATION));
goto leave; goto leave;
} }