From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Wed, 27 Apr 2022 13:37:28 +0000 (+0200)
Subject: MINOR: quic: Drop 0-RTT packets if not allowed
X-Git-Tag: v2.6-dev8~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3e26698f8966ef84a7cab9ad74db40a9c3b0fb1e;p=thirdparty%2Fhaproxy.git

MINOR: quic: Drop 0-RTT packets if not allowed

Drop the 0-RTT packets for a listener without early data configuration enabled.
---

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index a181c8f0e0..15bcd387bf 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -5042,8 +5042,12 @@ static void qc_lstnr_pkt_rcv(unsigned char *buf, const unsigned char *end,
 			goto err;
 		}
 
-		if (pkt->type == QUIC_PACKET_TYPE_INITIAL &&
-		    dgram->len < QUIC_INITIAL_PACKET_MINLEN) {
+		if (pkt->type == QUIC_PACKET_TYPE_0RTT && !l->bind_conf->ssl_conf.early_data) {
+			TRACE_PROTO("0-RTT packet not supported", QUIC_EV_CONN_LPKT, qc);
+			drop_no_con = 1;
+		}
+		else if (pkt->type == QUIC_PACKET_TYPE_INITIAL &&
+		         dgram->len < QUIC_INITIAL_PACKET_MINLEN) {
 			TRACE_PROTO("Too short datagram with an Initial packet", QUIC_EV_CONN_LPKT, qc);
 			drop_no_con = 1;
 		}