upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-21 06:06:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag

Browse source 
Building a retry message, the offset of the tag was checked instead of the
remaining length into the buffer.

Must be backported as far as 2.6.
This commit is contained in:
Emeric Brun 2023-06-27 15:24:05 +02:00 committed by Amaury Denoyelle
parent e12e202f6a
commit f473eb7206
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/quic_conn.c
View file

@ -6677,7 +6677,7 @@ static int send_retry(int fd, struct sockaddr_storage *addr,
i += token_len;
/* token integrity tag */
if ((&buf[i] - buf < QUIC_TLS_TAG_LEN) ||
if ((sizeof(buf) - i < QUIC_TLS_TAG_LEN) ||
!quic_tls_generate_retry_integrity_tag(pkt->dcid.data,
pkt->dcid.len, buf, i, qv)) {
TRACE_ERROR("quic_tls_generate_retry_integrity_tag() failed", QUIC_EV_CONN_TXPKT);