BUG/MINOR: quic: Wrong token length check (quic_generate_retry_token())
This bug would never occur because the buffer supplied to quic_generate_retry_token()
to build a Retry token is large enough to embed such a token. Anyway, this patch
fixes quic_generate_retry_token() implementation.
There were two errors: this is the ODCID which is added to the token. Furthermore
the timestamp was not taken into account.
Must be backported to 2.6 and 2.7.
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 1f5a54e..eb47f34 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6396,11 +6396,11 @@
TRACE_ENTER(QUIC_EV_CONN_TXPKT);
- /* We copy the odcid into the token, prefixed by its one byte
- * length, the format token byte. It is followed by an AEAD TAG, and finally
+ /* The token is made of the token format byte, the ODCID prefixed by its one byte
+ * length, the creation timestamp, an AEAD TAG, and finally
* the random bytes used to derive the secret to encrypt the token.
*/
- if (1 + dcid->len + 1 + QUIC_TLS_TAG_LEN + sizeof salt > len)
+ if (1 + odcid->len + 1 + sizeof(timestamp) + QUIC_TLS_TAG_LEN + QUIC_RETRY_TOKEN_SALTLEN > len)
goto err;
aadlen = quic_generate_retry_token_aad(aad, version, dcid, addr);
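Review bot: the corrected size check now counts `odcid->len` and `QUIC_RETRY_TOKEN_SALTLEN`, but the unchanged context line right after it still calls `quic_generate_retry_token_aad(aad, version, dcid, addr)` with `dcid`, so the hunk leaves a reader unsure whether `dcid` and `odcid` are both intended inputs here or whether one more `dcid` reference was missed; a one-line comment stating which CID goes into the AAD and which one is copied into the token would settle that. Likewise, replacing `sizeof salt` with `QUIC_RETRY_TOKEN_SALTLEN` is only equivalent if `salt` is declared with exactly that size, which this hunk does not show; a `sizeof salt == QUIC_RETRY_TOKEN_SALTLEN` static assertion, or keeping `sizeof salt` in the check, would keep the length check and the bytes actually written from drifting apart. The new comment and the new condition do agree term by term (format byte, length byte, ODCID, timestamp, tag, salt), which is the point of the fix.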