From: Frédéric Lécaille
Date: Fri, 30 Jun 2023 10:17:36 +0000 (+0200)
Subject: BUG/MINOR: quic: Missing random bits in Retry packet header
X-Git-Tag: v2.9-dev1~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6c9bf2bdf52f35ddcfd0c618f84638b390b48167;p=thirdparty%2Fhaproxy.git
BUG/MINOR: quic: Missing random bits in Retry packet header
The 4 bits least significant bits of the first byte in a Retry packet must be random. There are generated calling statistical_prng_range() with 16 as argument. Must be backported as far as 2.6.
---
diff --git a/src/quic_conn.c b/src/quic_conn.c
index caf04a2446..9ecce91973 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6641,9 +6641,10 @@ static int send_retry(int fd, struct sockaddr_storage *addr,
 TRACE_ENTER(QUIC_EV_CONN_TXPKT);
- /* long header + fixed bit + packet type QUIC_PACKET_TYPE_RETRY */
+ /* long header(1) | fixed bit(1) | packet type QUIC_PACKET_TYPE_RETRY(2) | unused random bits(4)*/
 buf[i++] = (QUIC_PACKET_LONG_HEADER_BIT | QUIC_PACKET_FIXED_BIT) |
- (quic_pkt_type(QUIC_PACKET_TYPE_RETRY, qv->num) << QUIC_PACKET_TYPE_SHIFT);
+ (quic_pkt_type(QUIC_PACKET_TYPE_RETRY, qv->num) << QUIC_PACKET_TYPE_SHIFT) |
+ statistical_prng_range(16);
 /* version */
 buf[i++] = *((unsigned char *)&qv->num + 3);
 buf[i++] = *((unsigned char *)&qv->num + 2);
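Review bot: The new comment on the first header byte in send_retry() says the low four bits are random, but not that they carry no security weight, and `statistical_prng_range()` is, going by its name, a statistical rather than a cryptographic generator. RFC 9000 (section 17.2.5) has the server set the Retry Unused field to an arbitrary value that the client must ignore, so predictable bits are harmless here; I would record that in the comment, e.g. `/* ... | unused bits(4): arbitrary, ignored by the client, so a non-cryptographic PRNG is enough */`, so the call is not copied later for tokens or connection IDs. The OR also relies on the helper returning a value strictly below 16, which this hunk does not show; `(statistical_prng_range(16) & 0x0f)` would keep any change in that contract from spilling into the packet-type bits. send_retry()'s body starts and ends outside the hunk.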