BUG/MINOR: quic: Wrong token length check (quic_generate_retry_token())

This bug would never occur because the buffer supplied to quic_generate_retry_token()
to build a Retry token is large enough to embed such a token. Anyway, this patch
fixes quic_generate_retry_token() implementation.

There were two errors: this is the ODCID which is added to the token. Furthermore
the timestamp was not taken into an account.

Must be backported to 2.6 and 2.7.

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 1f5a54e95a852b1e5517ac5322f7c7c9e442beed..eb47f340fc44ba19e41a81826341bb8ada198638 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6396,11 +6396,11 @@ static int quic_generate_retry_token(unsigned char *token, size_t len,
 
        TRACE_ENTER(QUIC_EV_CONN_TXPKT);
 
-       /* We copy the odcid into the token, prefixed by its one byte
-        * length, the format token byte. It is followed by an AEAD TAG, and finally
+       /* The token is made of the token format byte, the ODCID prefixed by its one byte
+        * length, the creation timestamp, an AEAD TAG, and finally
         * the random bytes used to derive the secret to encrypt the token.
         */
-       if (1 + dcid->len + 1 + QUIC_TLS_TAG_LEN + sizeof salt > len)
+       if (1 + odcid->len + 1 + sizeof(timestamp) + QUIC_TLS_TAG_LEN + QUIC_RETRY_TOKEN_SALTLEN > len)
                goto err;
 
        aadlen = quic_generate_retry_token_aad(aad, version, dcid, addr);