BUG/MEDIUM: quic: fix initialization for local/remote TPs

The local and remote TPs were both processed through the same function
quic_transport_params_init(). This caused the remote TPs to be
overwritten with values configured for our local usage.

Change this by reserving quic_transport_params_init() only for our local
TPs. Remote TPs are simply initialized via
quic_dflt_transport_params_cpy().

This bug could result in a connection closed in error by the client due
to a violation of its TPs. For example, curl client closed the
connection after receiving too many CONNECTION_ID due to an invalid
active_connection_id value used.

diff --git a/include/haproxy/xprt_quic.h b/include/haproxy/xprt_quic.h
index ce65e8bf865f2ca2833b1399bb178f4349ab2472..080d65fd1d74f37afd11e7cca9c636e7c764bd96 100644 (file)
--- a/include/haproxy/xprt_quic.h
+++ b/include/haproxy/xprt_quic.h
@@ -456,9 +456,13 @@ static inline void quic_dflt_transport_params_cpy(struct quic_transport_params *
        dst->active_connection_id_limit = quic_dflt_transport_params.active_connection_id_limit;
 }
 
-/* Initialize <p> transport parameters depending <server> boolean value which
- * must be set to 1 for a server (haproxy listener), 0 for a client (connection
- * to haproxy server).
+/* Initialize <p> transport parameters. <server> is a boolean, set if TPs are
+ * used by a server (haproxy frontend) else this is for a client (haproxy
+ * backend).
+ *
+ * This must only be used for haproxy local parameters. To initialize peer
+ * parameters, see quic_dflt_transport_params_cpy().
+ *
  * Never fails.
  */
 static inline void quic_transport_params_init(struct quic_transport_params *p,
@@ -885,7 +889,6 @@ static inline int quic_transport_params_decode(struct quic_transport_params *p,
 
        pos = buf;
 
-       quic_transport_params_init(p, server);
        while (pos != end) {
                uint64_t type, len;
 
@@ -925,6 +928,9 @@ static inline int quic_transport_params_store(struct quic_conn *conn, int server
        struct quic_transport_params *tx_params = &conn->tx.params;
        struct quic_transport_params *rx_params = &conn->rx.params;
 
+       /* initialize peer TPs to RFC default value */
+       quic_dflt_transport_params_cpy(tx_params);
+
        if (!quic_transport_params_decode(tx_params, server, buf, end))
                return 0;