git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Amaury Denoyelle <adenoyelle@haproxy.com>
	Fri, 22 May 2026 13:49:44 +0000 (15:49 +0200)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Fri, 22 May 2026 14:03:10 +0000 (16:03 +0200)
commit	7cab3a3c3a439a221d125654e1d9302ad949aed6
tree	14850c2a586aa0dc5ab61839f3d1b9f9dda69da0	tree \| snapshot
parent	04b9215a2ecf3a7bec33438920eb8cc1ae7eb28e	commit \| diff

BUG/MINOR: quic: fix ODCID lookup from derived value

In haproxy, when an Initial packet is received, a new connection may be
created and a DCID must be attributed. This CID is derived from the
original DCID used by the client in its first packet. This is an
optimization to avoid storing two CIDs values in the CID tree.

On CID lookup, if the DCID used is not found, derivation is performed
again. This should permit to retrieve the DCID node. However, this
operation is not performed as expected in quic_get_cid_tid(), as the
wrong value is used on the second lookup. Fix this function by using
derive CID for it. Note that retrieve_qc_conn_from_cid() performs the
same lookup but the bug was not present there.

The impact of this bug is relatively low as most clients send a single
Initial packet. Even in case of multiple packets in a single datagram,
this does not cause any issue as the current thread is assigned as
default.

This should be backported up to 2.8.