From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Wed, 19 Apr 2023 15:31:28 +0000 (+0200)
Subject: BUG/MINOR: quic: Wrong Retry token generation timestamp computing
X-Git-Tag: v2.8-dev8~79
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d07421331fff22ebacc44a8dd4b6f703502e69bf;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: Wrong Retry token generation timestamp computing

Again a now_ms variable value used without the ticks API. It is used
to store the generation time of the Retry token to be received back
from the client.

Must be backported to 2.6 and 2.7.
---

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 10a2948a0e..ca7de95102 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -5414,7 +5414,7 @@ static int parse_retry_token(struct quic_conn *qc,
 	}
 
 	timestamp = ntohl(read_u32(token + odcid_len));
-	if (timestamp + MS_TO_TICKS(QUIC_RETRY_DURATION_MS) <= now_ms) {
+	if (tick_is_expired(tick_add(timestamp, MS_TO_TICKS(QUIC_RETRY_DURATION_MS)), now_ms)) {
 		TRACE_ERROR("token has expired", QUIC_EV_CONN_LPKT, qc);
 		goto leave;
 	}