]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8f7d224)
BUG/MINOR: quic: Do not drop too small datagrams with Initial packets
authorFrédéric Lécaille <flecaille@haproxy.com>
Thu, 16 Feb 2023 10:40:11 +0000 (11:40 +0100)
committerAmaury Denoyelle <adenoyelle@haproxy.com>
Fri, 17 Feb 2023 16:36:30 +0000 (17:36 +0100)
When receiving an Initial packet a peer must drop it if the datagram is smaller
than 1200. Before this patch, this is the entire datagram which was dropped.

In such a case, drop the packet after having parsed its length.

Must be backported to 2.6 and 2.7

src/quic_conn.c patch | blob | blame | history

diff --git a/src/quic_conn.c b/src/quic_conn.c
index ebbf003cba10986944d1ac8be2298691ee9d3137..83188c4282a5c07357670d36f520632a961fcd0f 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6287,13 +6287,6 @@ static int quic_rx_pkt_parse(struct quic_rx_packet *pkt,
                        goto drop;
                }
 
-               if (pkt->type == QUIC_PACKET_TYPE_INITIAL &&
-                   dgram->len < QUIC_INITIAL_PACKET_MINLEN) {
-                       TRACE_PROTO("Too short datagram with an Initial packet", QUIC_EV_CONN_LPKT);
-                       HA_ATOMIC_INC(&prx_counters->too_short_initial_dgram);
-                       goto drop;
-               }
-
                /* When multiple QUIC packets are coalesced on the same UDP datagram,
                 * they must have the same DCID.
                 */
@@ -6388,6 +6381,19 @@ static int quic_rx_pkt_parse(struct quic_rx_packet *pkt,
                pkt->pn_offset = buf - beg;
                pkt->len = pkt->pn_offset + len;
 
+               /* RFC 9000. Initial Datagram Size
+                *
+                * A server MUST discard an Initial packet that is carried in a UDP datagram
+                * with a payload that is smaller than the smallest allowed maximum datagram
+                * size of 1200 bytes.
+                */
+               if (pkt->type == QUIC_PACKET_TYPE_INITIAL &&
+                   dgram->len < QUIC_INITIAL_PACKET_MINLEN) {
+                       TRACE_PROTO("Too short datagram with an Initial packet", QUIC_EV_CONN_LPKT);
+                       HA_ATOMIC_INC(&prx_counters->too_short_initial_dgram);
+                       goto drop;
+               }
+
                /* Interrupt parsing after packet length retrieval : this
                 * ensures that only the packet is dropped but not the whole
                 * datagram.
Mirror of https://github.com/haproxy/haproxy.git