upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-04-15 21:59:41 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

BUG/MEDIUM: h3: fix SETTINGS parsing

Browse source 
Function used to parse SETTINGS frame is incorrect as it does not stop
at the frame length but continue to parse beyond it. In most cases, it
will result in a connection closed with error H3_FRAME_ERROR.

This bug can be reproduced with clients that sent more than just a
SETTINGS frame on the H3 control stream. This is notably the case with
aioquic which emit a MAX_PUSH_ID after SETTINGS.

This bug has been introduced in the current dev release, by the
following patch
  62eef85961
  MINOR: mux-quic: simplify decode_qcs API
thus, it does not need to be backported.
This commit is contained in:
Amaury Denoyelle 2022-06-09 11:54:38 +02:00
parent c715eb7898
commit 3a2fcfd58d
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/h3.c
View file

@ -498,7 +498,7 @@ static ssize_t h3_parse_settings_frm(struct h3c *h3c, const struct buffer *buf,
TRACE_ENTER(H3_EV_RX_FRAME|H3_EV_RX_SETTINGS, h3c->qcc->conn);
/* Work on a copy of <buf>. */
b = b_make(b_orig(buf), b_size(buf), b_head_ofs(buf), b_data(buf));
b = b_make(b_orig(buf), b_size(buf), b_head_ofs(buf), len);
while (b_data(&b)) {
if (!b_quic_dec_int(&id, &b, &ret) || !b_quic_dec_int(&value, &b, &ret)) {