From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Thu, 20 Jul 2023 13:45:41 +0000 (+0200)
Subject: BUG/MINOR: quic: Missing parentheses around PTO probe variable.
X-Git-Tag: v2.9-dev2~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f92d816e3d5e0545dd035b9daae9032740e08100;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: Missing parentheses around PTO probe variable.

It is hard to analyze the impact of this bug. I guess it could lead a connection
to probe infinitively (with an exponential backoff probe timeout) during an handshake,
but one has never seen such a case.

Add missing parentheses around ->flags of the TX packet built by qc_do_build_pkt()
to detect that this packet embeds ack-eliciting frames. In this case if a probing
packet was needed the ->pto_probe value of the packet number space must be
decremented.

Must be backported as far as 2.6.
---

diff --git a/src/quic_conn.c b/src/quic_conn.c
index a652c0f90c..76c004168a 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -8044,7 +8044,7 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end,
 	/* If this packet is ack-eliciting and we are probing let's
 	 * decrement the PTO probe counter.
 	 */
-	if (pkt->flags & QUIC_FL_TX_PACKET_ACK_ELICITING &&
+	if ((pkt->flags & QUIC_FL_TX_PACKET_ACK_ELICITING) &&
 	    qel->pktns->tx.pto_probe)
 		qel->pktns->tx.pto_probe--;