From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Thu, 10 Mar 2022 09:00:36 +0000 (+0100)
Subject: BUG/MINOR: quic: ACK_REQUIRED and ACK_RECEIVED flag collision
X-Git-Tag: v2.6-dev3~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=12c169aaf0a09dfb9a3115acb3fafd9a248c5799;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: ACK_REQUIRED and ACK_RECEIVED flag collision

This packet number space flags were defined with the same value because
defined at different places in the file. Assemble them at the same location
with different values.

This bug could unvalidate the peer address after it was validated
during the handshake leading to the anti-amplication limit to be
enabled again after having been disabled. The situation could not
be unblocked (deadlock).
---

diff --git a/include/haproxy/xprt_quic-t.h b/include/haproxy/xprt_quic-t.h
index 4174924f1c..5b37d7779c 100644
--- a/include/haproxy/xprt_quic-t.h
+++ b/include/haproxy/xprt_quic-t.h
@@ -391,6 +391,10 @@ struct quic_arngs {
 #define QUIC_FL_PKTNS_ACK_RECEIVED_BIT 0
 #define QUIC_FL_PKTNS_ACK_RECEIVED  (1UL << QUIC_FL_PKTNS_ACK_RECEIVED_BIT)
 
+/* Flag the packet number space as requiring an ACK frame to be sent. */
+#define QUIC_FL_PKTNS_ACK_REQUIRED_BIT 1
+#define QUIC_FL_PKTNS_ACK_REQUIRED  (1UL << QUIC_FL_PKTNS_ACK_REQUIRED_BIT)
+
 /* The maximum number of dgrams which may be sent upon PTO expirations. */
 #define QUIC_MAX_NB_PTO_DGRAMS         2
 
@@ -643,10 +647,6 @@ enum qc_mux_state {
 #define QUIC_CONN_TX_BUFS_NB 8
 #define QUIC_CONN_TX_BUF_SZ  QUIC_PACKET_MAXLEN
 
-/* Flag the packet number space as requiring an ACK frame to be sent. */
-#define QUIC_FL_PKTNS_ACK_REQUIRED_BIT 0
-#define QUIC_FL_PKTNS_ACK_REQUIRED  (1UL << QUIC_FL_PKTNS_ACK_REQUIRED_BIT)
-
 /* Flags at connection level */
 #define QUIC_FL_CONN_ANTI_AMPLIFICATION_REACHED_BIT 0
 #define QUIC_FL_CONN_ANTI_AMPLIFICATION_REACHED \