mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-26 16:21:22 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: quic: Drop Initial packets with wrong ODCID

Browse Source 
According to the RFC 9000, the client ODCID must have a minimal length of 8 bytes.
This commit is contained in:
Frédéric Lécaille 2022-01-27 16:51:54 +01:00 committed by Amaury Denoyelle
parent 629cbdf5cc
commit dc36404c36
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/haproxy/xprt_quic-t.h
View File

@ -62,6 +62,8 @@ typedef unsigned long long ull;
/* Common definitions for short and long QUIC packet headers. */ /* Common definitions for short and long QUIC packet headers. */
/* QUIC connection ID maximum length for version 1. */ /* QUIC connection ID maximum length for version 1. */
#define QUIC_CID_MAXLEN 20 /* bytes */ #define QUIC_CID_MAXLEN 20 /* bytes */
/* QUIC original destination connection ID minial length */
#define QUIC_ODCID_MINLEN 8 /* bytes */
/* /*
* All QUIC packets with long headers are made of at least (in bytes): * All QUIC packets with long headers are made of at least (in bytes):
* flags(1), version(4), DCID length(1), DCID(0..20), SCID length(1), SCID(0..20) * flags(1), version(4), DCID length(1), DCID(0..20), SCID length(1), SCID(0..20)

5
src/xprt_quic.c
View File

@ -4308,6 +4308,11 @@ static ssize_t qc_lstnr_pkt_rcv(unsigned char *buf, const unsigned char *end,
goto err; goto err;
} }
if (pkt->dcid.len < QUIC_ODCID_MINLEN) {
TRACE_PROTO("dropped packet", QUIC_EV_CONN_LPKT);
goto err;
}
pkt->saddr = dgram->saddr; pkt->saddr = dgram->saddr;
ipv4 = dgram->saddr.ss_family == AF_INET; ipv4 = dgram->saddr.ss_family == AF_INET;
qc = qc_new_conn(pkt->version, ipv4, qc = qc_new_conn(pkt->version, ipv4,