From: Amaury Denoyelle Date: Tue, 6 May 2025 15:59:21 +0000 (+0200) Subject: BUG/MINOR: quic: use proper error code on invalid server TP X-Git-Tag: v3.2-dev15~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a54fdd3d926fabfc438dbaedbd3d08814fb99862;p=thirdparty%2Fhaproxy.git BUG/MINOR: quic: use proper error code on invalid server TP This commit is similar to the previous one. It fixes the error code reported when dealing with invalid received transport parameters. This time, it handles reception of original_destination_connection_id, preferred_address and stateless_reset_token which must not be emitted by the client. This should be backported up to 2.6. Note that is relies on previous patch "MINOR: quic: extend return value on TP parsing". --- diff --git a/src/quic_tp.c b/src/quic_tp.c index 49963c23f..a4252e3aa 100644 --- a/src/quic_tp.c +++ b/src/quic_tp.c @@ -254,9 +254,19 @@ quic_transport_param_decode(struct quic_transport_params *p, int server, switch (type) { case QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID: - if (!server || len > sizeof p->original_destination_connection_id.data) - return QUIC_TP_DEC_ERR_TRUNC; + /* RFC 9000 18.2. Transport Parameter Definitions + * + * A client MUST NOT include any server-only transport parameter: + * original_destination_connection_id, preferred_address, + * retry_source_connection_id, or stateless_reset_token. A server MUST + * treat receipt of any of these transport parameters as a connection + * error of type TRANSPORT_PARAMETER_ERROR. + */ + if (!server) + return QUIC_TP_DEC_ERR_INVAL; + if (len > sizeof p->original_destination_connection_id.data) + return QUIC_TP_DEC_ERR_TRUNC; if (len) memcpy(p->original_destination_connection_id.data, *buf, len); p->original_destination_connection_id.len = len; @@ -274,15 +284,21 @@ quic_transport_param_decode(struct quic_transport_params *p, int server, p->initial_source_connection_id_present = 1; break; case QUIC_TP_STATELESS_RESET_TOKEN: - if (!server || len != sizeof p->stateless_reset_token) + /* see original_destination_connection_id RFC reference above. */ + if (!server) + return QUIC_TP_DEC_ERR_INVAL; + + if (len != sizeof p->stateless_reset_token) return QUIC_TP_DEC_ERR_TRUNC; memcpy(p->stateless_reset_token, *buf, len); *buf += len; p->with_stateless_reset_token = 1; break; case QUIC_TP_PREFERRED_ADDRESS: + /* see original_destination_connection_id RFC reference above. */ if (!server) - return QUIC_TP_DEC_ERR_TRUNC; + return QUIC_TP_DEC_ERR_INVAL; + if (!quic_transport_param_dec_pref_addr(&p->preferred_address, buf, *buf + len)) return QUIC_TP_DEC_ERR_TRUNC; p->with_preferred_address = 1;