RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: quic: reject unknown frame type 

As specified by RFC 9000, connection is closed on error if an unknown
QUIC frame type is received.

Previously, a frame with unknown type was silently discarded. The
connection remained opened which is not conformant to the specification.

This should be backported up to 2.6.
This commit is contained in:
Amaury Denoyelle 2024-02-15 14:41:12 +01:00
parent 081022a0c5
commit 5a2aa8c161
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/quic_frame.c
View File

@ -13,7 +13,7 @@
#include <haproxy/buf-t.h>
#include <haproxy/chunk.h>
#include <haproxy/pool.h>
#include <haproxy/quic_conn-t.h>
#include <haproxy/quic_conn.h>
#include <haproxy/quic_enc.h>
#include <haproxy/quic_frame.h>
#include <haproxy/quic_rx-t.h>
@ -1114,7 +1114,13 @@ int qc_parse_frm(struct quic_frame *frm, struct quic_rx_packet *pkt,
frm->type = *(*pos)++;
if (frm->type >= QUIC_FT_MAX) {
/* RFC 9000 12.4. Frames and Frame Types
*
* An endpoint MUST treat the receipt of a frame of unknown type as a
* connection error of type FRAME_ENCODING_ERROR.
*/
TRACE_DEVEL("wrong frame type", QUIC_EV_CONN_PRSFRM, qc, frm);
quic_set_connection_close(qc, quic_err_transport(QC_ERR_FRAME_ENCODING_ERROR));
goto leave;
}