From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Thu, 16 Feb 2023 16:30:53 +0000 (+0100)
Subject: BUG/MINOR: quic: Missing padding for short packets
X-Git-Tag: v2.8-dev5~170
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=5faf577997314bcfbc25c8eef35b682058d2a999;p=haproxy-3.0.git

BUG/MINOR: quic: Missing padding for short packets

This was revealed by Amaury when setting tune.quic.frontend.max-streams-bidi to 8
and asking a client to open 12 streams. haproxy has to send short packets
with little MAX_STREAMS frames encoded with 2 bytes. In addition to a packet number
encoded with only one byte. In the case <len_frms> is the length of the encoded
frames to be added to the packet plus the length of the packet number.

Ensure the length of the packet is at least QUIC_PACKET_PN_MAXLEN adding a PADDING
frame wich (QUIC_PACKET_PN_MAXLEN - <len_frms>) as size. For instance with
a two bytes MAX_STREAMS frames and a one byte packet number length, this adds
one byte of padding.

See https://datatracker.ietf.org/doc/html/rfc9001#name-header-protection-sample.

Must be backported to 2.7 and 2.6.
---

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 83188c4..4d22a49 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -7277,7 +7277,10 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end,
 		padding_len -= quic_int_getsize(len + padding_len) - len_sz;
 		len += padding_len;
 	}
-	else if (LIST_ISEMPTY(&frm_list) || len_frms == len) {
+	else if (len_frms && len_frms < QUIC_PACKET_PN_MAXLEN) {
+		len += padding_len = QUIC_PACKET_PN_MAXLEN - len_frms;
+	}
+	else if (LIST_ISEMPTY(&frm_list)) {
 		if (qel->pktns->tx.pto_probe) {
 			/* If we cannot send a frame, we send a PING frame. */
 			add_ping_frm = 1;