From fc3ad50788ed5e5751650ff16976a25c21b38595 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Tue, 12 Aug 2025 17:27:03 +0200
Subject: [PATCH] BUG/MEDIUM: quic: reset padding when building GSO datagrams

qc_prep_pkts() encodes input data into QUIC packets in a loop into one or several datagrams. It supports GSO, which requires building a series of multiple datagrams of the same length.

Each packet encoding is performed via a call to qc_do_build_pkt(). This function has an argument to specify if output packet must be completed with a PADDING frame. This option is activated when qc_prep_pkts() encodes the last packet of a datagram with at least one INITIAL packet in it.

Padding is reset each time a new datagram is started. However, this was not performed if GSO is used to build the next datagram. This patch fixes it by properly resetting padding in this case also.

The impact of this bug is unknown. It may have several effects, one of the most obvious being the insertion of unnecessary padding in packets. It could also potentially trigger an infinite loop in qc_prep_pkts(), although this has never been encountered so far.

This must be backported up to 3.1.

--- src/quic_tx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/quic_tx.c b/src/quic_tx.c index bbeefe1cd..7c3843fc1 100644 --- a/src/quic_tx.c +++ b/src/quic_tx.c @@ -818,7 +818,7 @@ static int qc_prep_pkts(struct quic_conn *qc, struct buffer *buf, */ prv_pkt = cur_pkt; dglen = 0; - + padding = 0; } else { /* Finalize current datagram if not all frames sent. */
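
Review bot: the new `padding = 0;` after `dglen = 0;` in the GSO branch of qc_prep_pkts() is a second, hand-maintained copy of the per-datagram reset that, per the commit message, is already done whenever a new datagram is started outside the GSO case; keeping two copies is how the paths diverged. Consider resetting `dglen` and `padding` at a single point reached by both paths (or in a small helper), so a per-datagram variable added later cannot be missed in one of them. If the assignment stays here, a short comment on the added line saying that padding is per-datagram state and must not carry over into the next GSO datagram would make the intent clear. The commit message also mentions a possible infinite loop in qc_prep_pkts() that was never observed; naming which loop condition depends on `padding` would help whoever backports this to 3.1 judge the severity.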