BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag

author Emeric Brun <ebrun@haproxy.com>

Tue, 27 Jun 2023 13:24:05 +0000 (15:24 +0200)

committer Amaury Denoyelle <adenoyelle@haproxy.com>

Tue, 27 Jun 2023 16:54:10 +0000 (18:54 +0200)
author Emeric Brun <ebrun@haproxy.com>
Tue, 27 Jun 2023 13:24:05 +0000 (15:24 +0200)
committer Amaury Denoyelle <adenoyelle@haproxy.com>
Tue, 27 Jun 2023 16:54:10 +0000 (18:54 +0200)
diff --git a/src/quic_conn.c b/src/quic_conn.c

index ed15f53ed58aafb1d5a7fe8443627e64ea013810..caf04a2446ca09fd6ede8118ce4c95ce7beb429e 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6677,7 +6677,7 @@ static int send_retry(int fd, struct sockaddr_storage *addr,
         i += token_len;
  
         /* token integrity tag */
-       if ((&buf[i] - buf < QUIC_TLS_TAG_LEN) ||
+       if ((sizeof(buf) - i < QUIC_TLS_TAG_LEN) ||
             !quic_tls_generate_retry_integrity_tag(pkt->dcid.data,
                                                    pkt->dcid.len, buf, i, qv)) {
                 TRACE_ERROR("quic_tls_generate_retry_integrity_tag() failed", QUIC_EV_CONN_TXPKT);
author	Emeric Brun <ebrun@haproxy.com>
	Tue, 27 Jun 2023 13:24:05 +0000 (15:24 +0200)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Tue, 27 Jun 2023 16:54:10 +0000 (18:54 +0200)