From: Frederic Lecaille <flecaille@haproxy.com>
Date: Tue, 3 Sep 2024 13:10:25 +0000 (+0200)
Subject: BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns
X-Git-Tag: v3.1-dev7~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7e19432fd41e9c0146f0227b43d0dd3dc740e20b;p=thirdparty%2Fhaproxy.git

BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns

This bug arrived with this naive commit:

    BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only)

which omitted to consider the case where the Initial packet number space
could be discarded before receiving 0-RTT packets.

To fix this, append/insert the O-RTT (early-data) packet number space
into the encryption level list depending on the presence or not of
the Initial packet number space.

This issue was revealed when using aws-lc as TLS stack in GH #2701 issue.
Thank you to @Tristan971 for having reported this issue.

Must be backported where the commit mentionned above is supposed to be
backported: as far as 2.9.
---

diff --git a/src/quic_tls.c b/src/quic_tls.c
index af087dc76a..5a16ebdb10 100644
--- a/src/quic_tls.c
+++ b/src/quic_tls.c
@@ -252,8 +252,12 @@ static int quic_conn_enc_level_init(struct quic_conn *qc,
 	 * Here early-data is added after the Initial encryption level which is
 	 * always already present.
 	 */
-	if (level == ssl_encryption_early_data)
-		LIST_APPEND(&qc->iel->list, &qel->list);
+	if (level == ssl_encryption_early_data) {
+		if (qc->iel)
+			LIST_APPEND(&qc->iel->list, &qel->list);
+		else
+			LIST_INSERT(&qc->qel_list, &qel->list);
+	}
 	else
 		LIST_APPEND(&qc->qel_list, &qel->list);
 	*el = qel;