From 2b3722942cf3e3538693e9c040cdfdacb3f1a81c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Thu, 16 Feb 2023 11:40:11 +0100 Subject: [PATCH] BUG/MINOR: quic: Do not drop too small datagrams with Initial packets When receiving an Initial packet a peer must drop it if the datagram is smaller than 1200. Before this patch, this is the entire datagram which was dropped. In such a case, drop the packet after having parsed its length. Must be backported to 2.6 and 2.7 (cherry picked from commit 35218c6357b441142b2af19e31c8991a28b97075) Signed-off-by: Christopher Faulet (cherry picked from commit 97c8d5767f9f2e4b07f52bf2cbd3a3ba32d4e839) Signed-off-by: Amaury Denoyelle --- src/quic_conn.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/src/quic_conn.c b/src/quic_conn.c index 7e10287c3..94c91cd90 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -6211,13 +6211,6 @@ static int quic_rx_pkt_parse(struct quic_rx_packet *pkt, goto drop; } - if (pkt->type == QUIC_PACKET_TYPE_INITIAL && - dgram->len < QUIC_INITIAL_PACKET_MINLEN) { - TRACE_PROTO("Too short datagram with an Initial packet", QUIC_EV_CONN_LPKT); - HA_ATOMIC_INC(&prx_counters->too_short_initial_dgram); - goto drop; - } - /* When multiple QUIC packets are coalesced on the same UDP datagram, * they must have the same DCID. */ 
@@ -6312,6 +6305,19 @@ static int quic_rx_pkt_parse(struct quic_rx_packet *pkt, pkt->pn_offset = buf - beg; pkt->len = pkt->pn_offset + len; + /* RFC 9000. Initial Datagram Size + * + * A server MUST discard an Initial packet that is carried in a UDP datagram + * with a payload that is smaller than the smallest allowed maximum datagram + * size of 1200 bytes. + */ + if (pkt->type == QUIC_PACKET_TYPE_INITIAL && + dgram->len < QUIC_INITIAL_PACKET_MINLEN) { + TRACE_PROTO("Too short datagram with an Initial packet", QUIC_EV_CONN_LPKT); + HA_ATOMIC_INC(&prx_counters->too_short_initial_dgram); + goto drop; + } + /* Interrupt parsing after packet length retrieval : this * ensures that only the packet is dropped but not the whole * datagram.
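Review bot: The new comment above the `dgram->len < QUIC_INITIAL_PACKET_MINLEN` test quotes the RFC rule but does not say why the test has to sit after `pkt->len = pkt->pn_offset + len;`, which is the whole point of the move. I would add a line such as `* Checked only once pkt->len is known, so that the drop skips this packet and not the rest of the datagram.` and cite the section as `RFC 9000 14.1` so the rule is easy to find. If the other coalesced packets of an undersized datagram are still parsed after this drop, as the commit message suggests, `too_short_initial_dgram` may now count packets and not datagrams, and the counter's description should say which. The `drop` label and the rest of quic_rx_pkt_parse are outside the hunk, so how `pkt->len` is consumed there is inferred from the commit message.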