]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2fe8b3b)
MINOR: quic: Wrong CRYPTO frame concatenation
authorFrédéric Lécaille <flecaille@haproxy.com>
Mon, 10 Jan 2022 17:31:07 +0000 (18:31 +0100)
committerFrédéric Lécaille <flecaille@haproxy.com>
Tue, 11 Jan 2022 15:12:31 +0000 (16:12 +0100)
This commit was not correct:
 "MINOR: quic: Only one CRYPTO frame by encryption level"
Indeed, when receiving CRYPTO data from TLS stack for a packet number space,
there are rare cases where there is already other frames than CRYPTO data frames
in the packet number space, especially for 01RTT packet number space.  This is
very often with quant as client.

src/xprt_quic.c patch | blob | blame | history

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 92de7fad42547cefe2a96b6c3f13d81e5324a12c..e21f3e4c59456db54f9b1f4a3bbecae52550794c 100644 (file)
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -993,8 +993,26 @@ static int quic_crypto_data_cpy(struct quic_enc_level *qel,
         */
        if (!len) {
                struct quic_frame *frm;
+               struct quic_frame *found = NULL;
+               struct mt_list *tmp1, tmp2;
 
-               if (MT_LIST_ISEMPTY(&qel->pktns->tx.frms)) {
+               /* There is at most one CRYPTO frame in this packet number
+                * space. Let's look for it.
+                */
+               mt_list_for_each_entry_safe(frm, &qel->pktns->tx.frms,
+                                           mt_list, tmp1, tmp2) {
+                       if (frm->type != QUIC_FT_CRYPTO)
+                               continue;
+
+                       /* Found */
+                       found = frm;
+                       break;
+               }
+
+               if (found) {
+                       found->crypto.len += cf_len;
+               }
+               else {
                        frm = pool_alloc(pool_head_quic_frame);
                        if (!frm)
                                return 0;
@@ -1005,10 +1023,6 @@ static int quic_crypto_data_cpy(struct quic_enc_level *qel,
                        frm->crypto.qel = qel;
                        MT_LIST_APPEND(&qel->pktns->tx.frms, &frm->mt_list);
                }
-               else {
-                       frm = MT_LIST_NEXT(&qel->pktns->tx.frms, struct quic_frame *, mt_list);
-                       frm->crypto.len += cf_len;
-               }
        }
 
        return len == 0;
Mirror of https://github.com/haproxy/haproxy.git