BUG/MINOR: qpack: reject invalid dynamic table capacity

Currently haproxy does not implement dynamic table support for QPACK. As such, dynamic table capacity advertized via H3 SETTINGS is 0. When receiving a non-null Set Dynamic Table Capacity instruction, close immediately the connection using QPACK_ENCODER_STREAM_ERROR. Prior to this patch, such instructions were simply ignored. This is non conform to QUIC specification. This should be backported up to 2.6. Note that on 2.6 qcc_set_error() must be replaced by function qcc_emit_cc_app().
2025-09-21 05:41:26 +02:00 · 2024-02-14 18:23:12 +01:00 · 2024-02-14 18:23:12 +01:00 · f8df9bd6a5
commit f8df9bd6a5
parent bd71212ea9
1 changed files with 13 additions and 0 deletions
--- a/src/qpack-dec.c
+++ b/src/qpack-dec.c
@ -135,6 +135,19 @@ int qpack_decode_enc(struct buffer *buf, int fin, void *ctx)
 	}
 	else if (inst & QPACK_ENC_INST_SDTC_BIT) {
 		/* Set dynamic table capacity */
+		int capacity = *b_head(buf) & 0x1f;
+
+		/* RFC 9204 4.3.1. Set Dynamic Table Capacity
+		 *
+		 * The decoder MUST treat a new dynamic table capacity
+		 * value that exceeds this limit as a connection error of type
+		 * QPACK_ENCODER_STREAM_ERROR.
+		 */
+		if (capacity) {
+			qcc_set_error(qcs->qcc, QPACK_ENCODER_STREAM_ERROR, 1);
+			return -1;
+		}
+
 	}

 	return 0;