From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Thu, 27 Jan 2022 15:51:54 +0000 (+0100)
Subject: MINOR: quic: Drop Initial packets with wrong ODCID
X-Git-Tag: v2.6-dev1~44
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dc36404c3621b4fbc2df0f5c64ffc23e4cf7a445;p=thirdparty%2Fhaproxy.git

MINOR: quic: Drop Initial packets with wrong ODCID

According to the RFC 9000, the client ODCID must have a minimal length of 8 bytes.
---

diff --git a/include/haproxy/xprt_quic-t.h b/include/haproxy/xprt_quic-t.h
index e3eee60e15..157d81d456 100644
--- a/include/haproxy/xprt_quic-t.h
+++ b/include/haproxy/xprt_quic-t.h
@@ -62,6 +62,8 @@ typedef unsigned long long ull;
 /* Common definitions for short and long QUIC packet headers. */
 /* QUIC connection ID maximum length for version 1. */
 #define QUIC_CID_MAXLEN               20 /* bytes */
+/* QUIC original destination connection ID minial length */
+#define QUIC_ODCID_MINLEN              8 /* bytes */
 /*
  * All QUIC packets with long headers are made of at least (in bytes):
  * flags(1), version(4), DCID length(1), DCID(0..20), SCID length(1), SCID(0..20)
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 322f117874..a3a7bd0d69 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -4308,6 +4308,11 @@ static ssize_t qc_lstnr_pkt_rcv(unsigned char *buf, const unsigned char *end,
 				goto err;
 			}
 
+			if (pkt->dcid.len < QUIC_ODCID_MINLEN) {
+				TRACE_PROTO("dropped packet", QUIC_EV_CONN_LPKT);
+				goto err;
+			}
+
 			pkt->saddr = dgram->saddr;
 			ipv4 = dgram->saddr.ss_family == AF_INET;
 			qc = qc_new_conn(pkt->version, ipv4,