From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Mon, 6 Mar 2023 12:57:40 +0000 (+0100)
Subject: MINOR: quic: Do not accept wrong active_connection_id_limit values
X-Git-Tag: v2.8-dev5~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4afbca611fad4adbeb2d967dc833ab2e06011dd1;p=thirdparty%2Fhaproxy.git

MINOR: quic: Do not accept wrong active_connection_id_limit values

A peer must not send active_connection_id_limit values smaller than 2
which is also the minimum value when not sent.

Make the transport parameters decoding fail in this case.

Must be backported to 2.7.
---

diff --git a/src/quic_tp.c b/src/quic_tp.c
index ae013613aa..09921f360f 100644
--- a/src/quic_tp.c
+++ b/src/quic_tp.c
@@ -609,6 +609,13 @@ static int quic_transport_params_decode(struct quic_transport_params *p, int ser
 	    !p->initial_source_connection_id_present)
 		return 0;
 
+	/* Note that if not received by the peer, active_connection_id_limit will
+	 * have QUIC_TP_DFLT_ACTIVE_CONNECTION_ID_LIMIT as default value. This
+	 * is also the minimum value for this transport parameter.
+	 */
+	if (p->active_connection_id_limit < QUIC_TP_DFLT_ACTIVE_CONNECTION_ID_LIMIT)
+		return 0;
+
 	return 1;
 }