From: Frederic Lecaille
Date: Fri, 27 Jun 2025 05:53:28 +0000 (+0200)
Subject: BUG/MINOR: quic-be: Wrong retry_source_connection_id check
X-Git-Tag: v3.3-dev3~80
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1045623cb8e84aaa46cc85e0f17b597b61101aba;p=thirdparty%2Fhaproxy.git
BUG/MINOR: quic-be: Wrong retry_source_connection_id check
This commit broke the QUIC backend connection to servers without address validation or retry activated: MINOR: quic-be: address validation support implementation (RETRY) Indeed the retry_source_connection_id transport parameter was already checked as as if it was required, as if the peer (server) was always using the address validation. Furthermore, relying on ->odcid.len to ensure a retry token was received is not correct. This patch ensures the retry_source_connection_id transport parameter is checked only when a retry token was received (->retry_token != NULL). In this case it also checks that this transport parameter is present when a retry token has been received (tx_params->retry_source_connection_id.len != 0). No need to backport.
---
diff --git a/src/quic_tp.c b/src/quic_tp.c
index fb47aa790..bc33664d4 100644
--- a/src/quic_tp.c
+++ b/src/quic_tp.c
@@ -759,10 +759,14 @@ int quic_transport_params_store(struct quic_conn *qc, int server,
 return 0;
 }
- if (server && (qc->odcid.len != tx_params->retry_source_connection_id.len ||
- memcmp(qc->odcid.data, tx_params->retry_source_connection_id.data, qc->odcid.len) != 0)) {
- TRACE_ERROR("retry_source_connection_id mismatch", QUIC_EV_TRANSP_PARAMS, qc);
- return 0;
+ if (server && qc->retry_token) {
+ if (!tx_params->retry_source_connection_id.len ||
+ (qc->odcid.len != tx_params->retry_source_connection_id.len ||
+ memcmp(qc->odcid.data, tx_params->retry_source_connection_id.data, qc->odcid.len) != 0)) {
+ quic_set_connection_close(qc, quic_err_transport(QC_ERR_TRANSPORT_PARAMETER_ERROR));
+ TRACE_ERROR("retry_source_connection_id absence or mismatch", QUIC_EV_TRANSP_PARAMS, qc);
+ return 1;
+ }
 }
 /* Update the connection from transport parameters received */
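Review bot: With the check now gated on `qc->retry_token`, a server that sends retry_source_connection_id when no Retry was received passes without any validation; RFC 9000 section 7.3 lists that presence as a connection error too, alongside the absence and mismatch cases handled here. An `else if (server && tx_params->retry_source_connection_id.len)` branch that closes the connection with `QC_ERR_TRANSPORT_PARAMETER_ERROR` in the same way would cover it. Separately, the failure path now returns 1 while the error path in the context lines just above returns 0. If that is deliberate, presumably so the caller goes on to emit the close set by `quic_set_connection_close()`, a one-line comment on the `return 1;` stating this would stop it from reading as a success path. The body of quic_transport_params_store() starts and ends outside the hunk, so how callers treat the return value cannot be confirmed from here.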