haproxy

History

Fr�d�ric L�caille b9d076d9b8 BUG/MINOR: quic: Unchecked source connection ID The SCID (source connection ID) used by a peer (client or server) is sent into the long header of a QUIC packet in clear. But it is also sent into the transport parameters (initial_source_connection_id). As these latter are encrypted into the packet, one must check that these two pieces of information do not differ due to a packet header corruption. Furthermore as such a connection is unusuable it must be killed and must stop as soon as possible processing RX/TX packets. Implement qc_kill_con() to flag a connection as unusable and to kille it asap waking up the idle timer task to release the connection. Add a check to quic_transport_params_store() to detect that the SCIDs do not match and make it call qc_kill_con(). Add several tests about connection to be killed at several critial locations, especially in the TLS stack callback to receive CRYPTO data from or derive secrets, and before preparing packet after having received others. Must be backported to 2.6 and 2.7. (cherry picked from commit `0aa79953c9`) Signed-off-by: Willy Tarreau <w@1wt.eu> (cherry picked from commit b8f3e25677d9433869846e47cefb71b9841e8f12) [wt: adj ctx: no quic_dgram_parse() in 2.6] Signed-off-by: Willy Tarreau <w@1wt.eu>	2023-02-13 08:29:02 +01:00
..
haproxy	BUG/MINOR: quic: Unchecked source connection ID	2023-02-13 08:29:02 +01:00
import	MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups	2022-08-03 14:55:25 +02:00

Fr�d�ric L�caille b9d076d9b8 BUG/MINOR: quic: Unchecked source connection ID

The SCID (source connection ID) used by a peer (client or server) is sent into the
long header of a QUIC packet in clear. But it is also sent into the transport
parameters (initial_source_connection_id). As these latter are encrypted into the
packet, one must check that these two pieces of information do not differ
due to a packet header corruption. Furthermore as such a connection is unusuable
it must be killed and must stop as soon as possible processing RX/TX packets.

Implement qc_kill_con() to flag a connection as unusable and to kille it asap
waking up the idle timer task to release the connection.

Add a check to quic_transport_params_store() to detect that the SCIDs do not
match and make it call qc_kill_con().

Add several tests about connection to be killed at several critial locations,
especially in the TLS stack callback to receive CRYPTO data from or derive secrets,
and before preparing packet after having received others.

Must be backported to 2.6 and 2.7.

(cherry picked from commit 0aa79953c9)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit b8f3e25677d9433869846e47cefb71b9841e8f12)
[wt: adj ctx: no quic_dgram_parse() in 2.6]
Signed-off-by: Willy Tarreau <w@1wt.eu>

2023-02-13 08:29:02 +01:00

haproxy BUG/MINOR: quic: Unchecked source connection ID 2023-02-13 08:29:02 +01:00

import MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups 2022-08-03 14:55:25 +02:00