From: Frédéric Lécaille
Date: Mon, 15 May 2023 15:40:00 +0000 (+0200)
Subject: BUG/MINOR: quic: Wrong token length check (quic_generate_retry_token())
X-Git-Tag: v2.8-dev13~20
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6d6ddb2ce58807b8defb0b38d9d524b958278ce4;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: Wrong token length check (quic_generate_retry_token())

This bug would never occur because the buffer supplied to quic_generate_retry_token() to build a Retry token is large enough to embed such a token. Anyway, this patch fixes quic_generate_retry_token() implementation.

There were two errors: this is the ODCID which is added to the token. Furthermore the timestamp was not taken into account.

Must be backported to 2.6 and 2.7.
---
diff --git a/src/quic_conn.c b/src/quic_conn.c index 1f5a54e95a..eb47f340fc 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -6396,11 +6396,11 @@ static int quic_generate_retry_token(unsigned char *token, size_t len, TRACE_ENTER(QUIC_EV_CONN_TXPKT); - /* We copy the odcid into the token, prefixed by its one byte - * length, the format token byte. It is followed by an AEAD TAG, and finally + /* The token is made of the token format byte, the ODCID prefixed by its one byte + * length, the creation timestamp, an AEAD TAG, and finally * the random bytes used to derive the secret to encrypt the token. */ - if (1 + dcid->len + 1 + QUIC_TLS_TAG_LEN + sizeof salt > len) + if (1 + odcid->len + 1 + sizeof(timestamp) + QUIC_TLS_TAG_LEN + QUIC_RETRY_TOKEN_SALTLEN > len) goto err; aadlen = quic_generate_retry_token_aad(aad, version, dcid, addr);
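
Review bot: The length check on the `if (1 + odcid->len + 1 + sizeof(timestamp) + QUIC_TLS_TAG_LEN + QUIC_RETRY_TOKEN_SALTLEN > len)` line is still a hand-written sum that has to be kept in step with the writes further down the function, which is how the previous version came to count `dcid->len` and leave out the timestamp. Consider computing the required size once into a named local and, at the end of the function, checking that the number of bytes actually written equals it, so a later change to the token layout cannot drift from the check unnoticed. `sizeof(timestamp)` also ties the encoded width to the type of a local variable; if the token stores the timestamp at a fixed width, a named constant alongside `QUIC_RETRY_TOKEN_SALTLEN` would make that explicit. The unchanged context line still passes `dcid` to `quic_generate_retry_token_aad()` while the check now uses `odcid`, so a short addition to the comment saying which CID goes into the token body and which into the AAD would help the next reader. Per the commit message the supplied buffer is always large enough, so this is hardening of the check and not a reachable overflow.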