From cd652efecab08ce6a10240456635c326cc22e0ea Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Wed, 27 May 2026 15:34:01 +0200 Subject: [PATCH] BUG/MINOR: qmux: reject too large initial record Initial max_record_size is set to 16382. If the first received record size is larger, abort xprt_qmux layer immediately without having to wait for the timeout. No need to backport. --- src/xprt_qmux.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/xprt_qmux.c b/src/xprt_qmux.c index e544f559a..1fdbcd88b 100644 --- a/src/xprt_qmux.c +++ b/src/xprt_qmux.c @@ -97,6 +97,10 @@ int conn_recv_qmux(struct connection *conn, struct xprt_qmux_ctx *ctx, int flag) ctx->rxrlen = rlen; } + /* TODO initial max_record_size is limited to 16382 */ + if (ctx->rxrlen > b_size(buf)) + goto fail; + if (ctx->rxrlen > b_data(buf)) goto not_ready;