From: Amaury Denoyelle Date: Thu, 19 May 2022 14:45:37 +0000 (+0200) Subject: BUG/MEDIUM: quic: fix initialization for local/remote TPs X-Git-Tag: v2.6-dev11~43 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0daef007e42a38bd1e79a69eb3f09c3a805346e0;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: quic: fix initialization for local/remote TPs The local and remote TPs were both processed through the same function quic_transport_params_init(). This caused the remote TPs to be overwritten with values configured for our local usage. Change this by reserving quic_transport_params_init() only for our local TPs. Remote TPs are simply initialized via quic_dflt_transport_params_cpy(). This bug could result in a connection closed in error by the client due to a violation of its TPs. For example, curl client closed the connection after receiving too many CONNECTION_ID due to an invalid active_connection_id value used. --- diff --git a/include/haproxy/xprt_quic.h b/include/haproxy/xprt_quic.h index ce65e8bf86..080d65fd1d 100644 --- a/include/haproxy/xprt_quic.h +++ b/include/haproxy/xprt_quic.h @@ -456,9 +456,13 @@ static inline void quic_dflt_transport_params_cpy(struct quic_transport_params * dst->active_connection_id_limit = quic_dflt_transport_params.active_connection_id_limit; } -/* Initialize

transport parameters depending boolean value which - * must be set to 1 for a server (haproxy listener), 0 for a client (connection - * to haproxy server). +/* Initialize

transport parameters. is a boolean, set if TPs are + * used by a server (haproxy frontend) else this is for a client (haproxy + * backend). + * + * This must only be used for haproxy local parameters. To initialize peer + * parameters, see quic_dflt_transport_params_cpy(). + * * Never fails. */ static inline void quic_transport_params_init(struct quic_transport_params *p, @@ -885,7 +889,6 @@ static inline int quic_transport_params_decode(struct quic_transport_params *p, pos = buf; - quic_transport_params_init(p, server); while (pos != end) { uint64_t type, len; @@ -925,6 +928,9 @@ static inline int quic_transport_params_store(struct quic_conn *conn, int server struct quic_transport_params *tx_params = &conn->tx.params; struct quic_transport_params *rx_params = &conn->rx.params; + /* initialize peer TPs to RFC default value */ + quic_dflt_transport_params_cpy(tx_params); + if (!quic_transport_params_decode(tx_params, server, buf, end)) return 0;