From: Frédéric Lécaille
Date: Tue, 28 Mar 2023 13:39:11 +0000 (+0200)
Subject: BUG/MINOR: quic: Missing padding in very short probe packets
X-Git-Tag: v2.8-dev7~145
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9c317b1d35efe7f957ad101d902168aa77fa9117;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: Missing padding in very short probe packets

This bug arrived with this commit:
   MINOR: quic: Send PING frames when probing Initial packet number space
This may happen when haproxy needs to probe the peer with very short packets (only one PING frame). In this case, the packet must be padded. There was clearly a case which was removed by the mentioned commit above. That said, there was an extra byte which was added to the PADDING frame before the mentioned commit above. This is no longer the case with this patch.

Thank you to @tatsuhiro-t (ngtcp2 manager) for having reported this issue which was revealed by the keyupdate test (on client side).

Must be backported to 2.7 and 2.6.
---
diff --git a/src/quic_conn.c b/src/quic_conn.c index 25ece80390..e512490cdc 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -7659,10 +7659,17 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end, * is not coalesced to an Handshake packet. We must directly * pad the datragram. */ - if (pkt->type == QUIC_PACKET_TYPE_INITIAL && dglen < QUIC_INITIAL_PACKET_MINLEN) { - padding_len = QUIC_INITIAL_PACKET_MINLEN - dglen; - padding_len -= quic_int_getsize(len + padding_len) - len_sz; - len += padding_len; + if (pkt->type == QUIC_PACKET_TYPE_INITIAL) { + if (dglen < QUIC_INITIAL_PACKET_MINLEN) { + padding_len = QUIC_INITIAL_PACKET_MINLEN - dglen; + padding_len -= quic_int_getsize(len + padding_len) - len_sz; + len += padding_len; + } + } + else { + /* Note that +1 is for the PING frame */ + if (*pn_len + 1 < QUIC_PACKET_PN_MAXLEN) + len += padding_len = QUIC_PACKET_PN_MAXLEN - *pn_len - 1; } } else {
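
Review bot: In the new else branch, the `+ 1` hard-codes a payload of exactly one PING frame, but nothing in the visible lines checks that the packet carries only that frame, so the padding computation depends on an enclosing condition outside this hunk. Consider deriving the value from the actual payload length, or stating the invariant in the comment. The comment should also say why QUIC_PACKET_PN_MAXLEN is the target, since it only explains the `+ 1`. The statement `len += padding_len = QUIC_PACKET_PN_MAXLEN - *pn_len - 1;` would read better split into an assignment to padding_len followed by `len += padding_len;`, matching the Initial branch. The context comment above the test still describes only the Initial case (and carries the typo "datragram"); it should be updated now that the block also pads non-Initial probe packets.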