mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-26 21:31:01 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: quic: Missing AEAD TAG check after removing header protection

Browse Source 
After removing the packet header protection, we can check the packet is long
enough to contain a 16 bytes length AEAD TAG (at this end of the packet).
This test was missing.

Must be backported to 2.6.
This commit is contained in:
Frédéric Lécaille 2022-08-08 18:41:16 +02:00
parent adc7641536
commit ffde3168fc
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/xprt_quic.c
View File

@ -4628,6 +4628,11 @@ static inline int qc_try_rm_hp(struct quic_conn *qc,
/* The AAD includes the packet number field found at <pn>. */
pkt->aad_len = pn - beg + pkt->pnl;
if (pkt->len - pkt->aad_len < QUIC_TLS_TAG_LEN) {
TRACE_PROTO("Too short packet", QUIC_EV_CONN_TRMHP, qc);
goto err;
}
qpkt_trace = pkt;
}
else {