BUG/MINOR: quic: Missing padding for short packets

This was revealed by Amaury when setting tune.quic.frontend.max-streams-bidi to 8
and asking a client to open 12 streams. haproxy has to send short packets
with little MAX_STREAMS frames encoded with 2 bytes. In addition to a packet number
encoded with only one byte. In the case <len_frms> is the length of the encoded
frames to be added to the packet plus the length of the packet number.

Ensure the length of the packet is at least QUIC_PACKET_PN_MAXLEN adding a PADDING
frame wich (QUIC_PACKET_PN_MAXLEN - <len_frms>) as size. For instance with
a two bytes MAX_STREAMS frames and a one byte packet number length, this adds
one byte of padding.

See https://datatracker.ietf.org/doc/html/rfc9001#name-header-protection-sample.

Must be backported to 2.7 and 2.6.

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 83188c4282a5c07357670d36f520632a961fcd0f..4d22a49b410b83ad3256f2f8d5c592a5679ec056 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -7277,7 +7277,10 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end,
                padding_len -= quic_int_getsize(len + padding_len) - len_sz;
                len += padding_len;
        }
-       else if (LIST_ISEMPTY(&frm_list) || len_frms == len) {
+       else if (len_frms && len_frms < QUIC_PACKET_PN_MAXLEN) {
+               len += padding_len = QUIC_PACKET_PN_MAXLEN - len_frms;
+       }
+       else if (LIST_ISEMPTY(&frm_list)) {
                if (qel->pktns->tx.pto_probe) {
                        /* If we cannot send a frame, we send a PING frame. */
                        add_ping_frm = 1;