git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Frederic Lecaille <flecaille@haproxy.com>
	Fri, 5 Sep 2025 13:41:27 +0000 (15:41 +0200)
committer	Frederic Lecaille <flecaille@haproxy.com>
	Fri, 5 Sep 2025 14:17:11 +0000 (16:17 +0200)
commit	d7dea408c64c327cab6aebf4ccad93405b675565
tree	46083d95eb39cc71cb7b780439a1e678ecedf358	tree \| snapshot
parent	71336bdd0892512d252ea69a4c54cf1978ad4952	commit \| diff

BUG/MINOR: quic: too short PADDING frame for too short packets

This bug arrvived with this commit:

    MINOR: quic: centralize padding for HP sampling on packet building

What was missed is the fact that at the centralization point for the
PADDING frame to add for too short packet, <len> payload length  already includes
<*pn_len> the packet number field length value.

So when computing the length of the PADDING frame, the packet field length must
not be considered and added to the payload length (<len>).

This bug leaded too short PADDING frame to too short packets. This was the case,
most of times with Application level packets with a 1-byte packet number field
followed by a 1-byte PING frame. A 1-byte PADDING frame was added in this case
in place of a correct 2-bytes PADDINF frame. The header packet protection of
such packet could not be removed by the clients as for instance for ngtcp2 with
such traces:

    I00001828 0x5a135c81e803f092c74bac64a85513b657 pkt could not decrypt packet number

As the header protection could no be removed, the header keyupdate bit could also
not be read by packet analyzers such as pyshark used during the keyupdate tests.

No need to backport.

include/haproxy/quic_conn-t.h		diff \| blob \| blame \| history
src/quic_tx.c		diff \| blob \| blame \| history