From: Frédéric Lécaille
Date: Wed, 1 Feb 2023 09:31:35 +0000 (+0100)
Subject: BUG/MAJOR: quic: Possible crash when processing 1-RTT during 0-RTT session
X-Git-Tag: v2.8-dev3~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8417beb7da2b32c33cd703e7a123125c6b0df7b3;p=thirdparty%2Fhaproxy.git

BUG/MAJOR: quic: Possible crash when processing 1-RTT during 0-RTT session

This bug was revealed by some C1 interop tests (heavy handshake packet corruption) when receiving 1-RTT packets with a key phase update. This led the packet to be decrypted with the next key phase secrets. But this latter is initialized only after the handshake is complete. In fact, 1-RTT must never be processed before the handshake is complete.

Relying on the "qc->mux_state == QC_MUX_NULL" condition to check the handshake is complete is wrong during 0-RTT sessions when the mux is initialized before the handshake is complete.

Must be backported to 2.7 and 2.6.

---
diff --git a/src/quic_conn.c b/src/quic_conn.c index 907ee9873e..79c20137c7 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -4035,6 +4035,11 @@ static int qc_qel_may_rm_hp(struct quic_conn *qc, struct quic_enc_level *qel) goto cant_rm_hp; } + if (tel == QUIC_TLS_ENC_LEVEL_APP && qc->state < QUIC_HS_ST_COMPLETE) { + TRACE_DEVEL("handshake not complete", QUIC_EV_CONN_TRMHP, qc); + goto cant_rm_hp; + } + /* check if the connection layer is ready before using app level */ if ((tel == QUIC_TLS_ENC_LEVEL_APP || tel == QUIC_TLS_ENC_LEVEL_EARLY_DATA) && qc->mux_state == QC_MUX_NULL) {
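Review bot: the new `if (tel == QUIC_TLS_ENC_LEVEL_APP && qc->state < QUIC_HS_ST_COMPLETE)` block in qc_qel_may_rm_hp() is missing a comment stating why it is needed, unlike the adjacent `/* check if the connection layer is ready before using app level */` check; the reason given in the commit message (the next key phase secrets are only initialized once the handshake is complete, so a 1-RTT packet carrying a key phase update must not be decrypted before that point) belongs next to the code, since a reader seeing only this hunk might take the mux_state check below as already covering it and be tempted to drop the new one. The `<` comparison also relies on the QUIC_HS_ST_* values being ordered by handshake progress; a short note on that ordering assumption (or a comparison against the explicit pre-complete states) would make the intent clearer. Deliberately leaving QUIC_TLS_ENC_LEVEL_EARLY_DATA out of the new condition is correct, as 0-RTT packets are by definition processed before the handshake completes, and it would be worth saying so in the same comment.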