BUG/MINOR: quic: Wrong STREAM frames parsing.

After having re-read the RFC, we noticed there are two bugs in the STREAM
frame parser. When the OFF bit (0x04) in the frame type is not set
we must set the offset to 0 (it was not set at all). When the LEN bit (0x02)
is not set we must extend the length of the data field to the end of the packet
(it was not set at all).
Frdric Lcaille 2020-12-31 10:57:04 +01:00 committed by Willy Tarreau
parent 50044adc60
commit 129a351a3f


@ -396,10 +396,21 @@ static int quic_parse_stream_frame(struct quic_frame *frm, struct quic_conn *qc,
{
struct quic_stream *stream = &frm->stream;
if (!quic_dec_int(&stream->id, buf, end) ||
((frm->type & QUIC_STREAM_FRAME_OFF_BIT) && !quic_dec_int(&stream->offset, buf, end)) ||
((frm->type & QUIC_STREAM_FRAME_LEN_BIT) &&
(!quic_dec_int(&stream->len, buf, end) || end - *buf < stream->len)))
if (!quic_dec_int(&stream->id, buf, end))
return 0;
/* Offset parsing */
if (!(frm->type & QUIC_STREAM_FRAME_OFF_BIT)) {
stream->offset = 0;
}
else if (!quic_dec_int(&stream->offset, buf, end))
return 0;
/* Length parsing */
if (!(frm->type & QUIC_STREAM_FRAME_LEN_BIT)) {
stream->len = end - *buf;
}
else if (!quic_dec_int(&stream->len, buf, end) || end - *buf < stream->len)
return 0;
stream->data = *buf;
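Review bot: Nothing in the visible lines bounds `stream->offset + stream->len` once both fields are parsed, and the QUIC transport specification requires a receiver to reject a STREAM frame whose final offset exceeds 2^62-1. Unless a later stage already enforces this, a check just before `stream->data = *buf;` such as `if (stream->len > ((1ULL << 62) - 1) - stream->offset) return 0;` would keep an out-of-range offset from reaching stream reassembly and flow-control accounting. The comparison `end - *buf < stream->len` also mixes a signed pointer difference with what is presumably an unsigned 64-bit length, so it is only sound while `*buf <= end` holds; a short comment stating that `quic_dec_int()` never advances `*buf` past `end` would document that assumption, which the new `stream->len = end - *buf;` branch relies on as well. The body of quic_parse_stream_frame continues beyond this hunk, so the check may already exist further down.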