From: Frédéric Lécaille
Date: Thu, 28 Apr 2022 13:43:46 +0000 (+0200)
Subject: MINOR: quic: Drop 0-RTT packets without secrets
X-Git-Tag: v2.6-dev8~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1231d3c179182b60fcf19ebe70f917b77c6d40b9;p=thirdparty%2Fhaproxy.git
MINOR: quic: Drop 0-RTT packets without secrets
If we received 0-RTT packets and no secrets were provided by the TLS stack we must drop them.
---
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 3a069df93a..1b494a3ea5 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -4025,11 +4025,25 @@ struct task *quic_conn_io_cb(struct task *t, void *context, unsigned int state)
 !(qc->flags & QUIC_FL_CONN_IMMEDIATE_CLOSE))
 goto out;
- if (zero_rtt && next_qel && !MT_LIST_ISEMPTY(&next_qel->rx.pqpkts) &&
- (next_qel->tls_ctx.flags & QUIC_FL_TLS_SECRETS_SET)) {
- qel = next_qel;
- next_qel = NULL;
- goto next_level;
+ if (next_qel && next_qel == &qc->els[QUIC_TLS_ENC_LEVEL_EARLY_DATA] &&
+ !MT_LIST_ISEMPTY(&next_qel->rx.pqpkts)) {
+ if ((next_qel->tls_ctx.flags & QUIC_FL_TLS_SECRETS_SET)) {
+ qel = next_qel;
+ next_qel = NULL;
+ goto next_level;
+ }
+ else {
+ struct quic_rx_packet *pkt;
+ struct mt_list *elt1, elt2;
+ struct quic_enc_level *aqel = &qc->els[QUIC_TLS_ENC_LEVEL_EARLY_DATA];
+
+ /* Drop these 0-RTT packets */
+ TRACE_PROTO("drop all 0-RTT packets", QUIC_EV_CONN_PHPKTS, qc);
+ mt_list_for_each_entry_safe(pkt, &aqel->rx.pqpkts, list, elt1, elt2) {
+ MT_LIST_DELETE_SAFE(elt1);
+ quic_rx_packet_refdec(pkt);
+ }
+ }
 }
 st = qc->state;
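Review bot: The new `else` branch treats a missing `QUIC_FL_TLS_SECRETS_SET` on the early-data level as final and releases every queued 0-RTT packet, but nothing in the hunk records why the secrets cannot still be installed later; if this point can be reached before the TLS stack has consumed the client's first flight, legitimate early data would be discarded. A comment stating the invariant would help, for example `/* No 0-RTT secrets at this point means the TLS stack refused early data: these packets can never be decrypted. */`, with the wording to be confirmed against the code above, since quic_conn_io_cb starts and ends outside the hunk. `aqel` is the same pointer as `next_qel` by the enclosing condition, so the loop could iterate `&next_qel->rx.pqpkts` and drop the extra local. The drop is visible only through `TRACE_PROTO`; if the project keeps a counter for discarded packets, incrementing it here would let operators notice peers that repeatedly send undecryptable 0-RTT.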