git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Frédéric Lécaille <flecaille@haproxy.com>
	Fri, 3 Feb 2023 15:15:08 +0000 (16:15 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Fri, 3 Feb 2023 16:55:55 +0000 (17:55 +0100)
commit	0aa79953c9779a2da092b3d0f6908726fe7013ec
tree	d4fb78bb39be2f50594025c7ae573a7608ddb5ec	tree \| snapshot
parent	af25a69c8b0faa57a27dd5e9a99cbbe350ee6b07	commit \| diff

BUG/MINOR: quic: Unchecked source connection ID

The SCID (source connection ID) used by a peer (client or server) is sent into the
long header of a QUIC packet in clear. But it is also sent into the transport
parameters (initial_source_connection_id). As these latter are encrypted into the
packet, one must check that these two pieces of information do not differ
due to a packet header corruption. Furthermore as such a connection is unusuable
it must be killed and must stop as soon as possible processing RX/TX packets.

Implement qc_kill_con() to flag a connection as unusable and to kille it asap
waking up the idle timer task to release the connection.

Add a check to quic_transport_params_store() to detect that the SCIDs do not
match and make it call qc_kill_con().

Add several tests about connection to be killed at several critial locations,
especially in the TLS stack callback to receive CRYPTO data from or derive secrets,
and before preparing packet after having received others.

Must be backported to 2.6 and 2.7.

include/haproxy/quic_conn-t.h		diff \| blob \| blame \| history
include/haproxy/quic_conn.h		diff \| blob \| blame \| history
src/quic_conn.c		diff \| blob \| blame \| history
src/quic_tp.c		diff \| blob \| blame \| history