From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Thu, 10 Mar 2022 09:38:20 +0000 (+0100)
Subject: BUG/MINOR: quic: Missing check when setting the anti-amplification limit as reached
X-Git-Tag: v2.6-dev3~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=676b849d37c9c6ef1dadbc588c484a5fadc3f8cd;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: Missing check when setting the anti-amplification limit as reached

Ensure the peer address is not validated before setting the anti-amplication
limit as reached.
---

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index bb35f70405..15b7ddd2f5 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -5193,7 +5193,7 @@ static struct quic_tx_packet *qc_build_pkt(unsigned char **pos,
 	/* Consume a packet number */
 	qel->pktns->tx.next_pn++;
 	qc->tx.prep_bytes += pkt->len;
-	if (qc->tx.prep_bytes >= 3 * qc->rx.bytes)
+	if (qc->tx.prep_bytes >= 3 * qc->rx.bytes && !quic_peer_validated_addr(qc))
 		HA_ATOMIC_OR(&qc->flags, QUIC_FL_CONN_ANTI_AMPLIFICATION_REACHED);
 	/* Now that a correct packet is built, let us consume <*pos> buffer. */
 	*pos = end;