BUG/MINOR: quic: fix ODCID lookup from derived value

In haproxy, when an Initial packet is received, a new connection may be
created and a DCID must be attributed. This CID is derived from the
original DCID used by the client in its first packet. This is an
optimization to avoid storing two CIDs values in the CID tree.

On CID lookup, if the DCID used is not found, derivation is performed
again. This should permit to retrieve the DCID node. However, this
operation is not performed as expected in quic_get_cid_tid(), as the
wrong value is used on the second lookup. Fix this function by using
derive CID for it. Note that retrieve_qc_conn_from_cid() performs the
same lookup but the bug was not present there.

The impact of this bug is relatively low as most clients send a single
Initial packet. Even in case of multiple packets in a single datagram,
this does not cause any issue as the current thread is assigned as
default.

This should be backported up to 2.8.

diff --git a/src/quic_cid.c b/src/quic_cid.c
index 6bd475af74e8ac3295c52464b5353653845b406b..13bc280c256213d494c7b82f92689e0a78c969e9 100644 (file)
--- a/src/quic_cid.c
+++ b/src/quic_cid.c
@@ -378,7 +378,7 @@ int quic_get_cid_tid(const unsigned char *cid, size_t cid_len,
 
                tree = &quic_fe_cid_trees[quic_cid_tree_idx(&derive_cid)];
                HA_RWLOCK_RDLOCK(QC_CID_LOCK, &tree->lock);
-               node = ebmb_lookup(&tree->root, cid, cid_len);
+               node = ebmb_lookup(&tree->root, derive_cid.data, derive_cid.len);
                if (node) {
                        conn_id = ebmb_entry(node, struct quic_connection_id, node);
                        cid_tid = HA_ATOMIC_LOAD(&conn_id->tid);