MINOR: quic: Drop Initial packets with wrong ODCID
According to the RFC 9000, the client ODCID must have a minimal length of 8 bytes.
diff --git a/include/haproxy/xprt_quic-t.h b/include/haproxy/xprt_quic-t.h
index e3eee60..157d81d 100644
--- a/include/haproxy/xprt_quic-t.h
+++ b/include/haproxy/xprt_quic-t.h
@@ -62,6 +62,8 @@
/* Common definitions for short and long QUIC packet headers. */
/* QUIC connection ID maximum length for version 1. */
#define QUIC_CID_MAXLEN 20 /* bytes */
+/* QUIC original destination connection ID minial length */
+#define QUIC_ODCID_MINLEN 8 /* bytes */
/*
* All QUIC packets with long headers are made of at least (in bytes):
* flags(1), version(4), DCID length(1), DCID(0..20), SCID length(1), SCID(0..20)
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 322f117..a3a7bd0 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -4308,6 +4308,11 @@
goto err;
}
+ if (pkt->dcid.len < QUIC_ODCID_MINLEN) {
+ TRACE_PROTO("dropped packet", QUIC_EV_CONN_LPKT);
+ goto err;
+ }
+
pkt->saddr = dgram->saddr;
ipv4 = dgram->saddr.ss_family == AF_INET;
qc = qc_new_conn(pkt->version, ipv4,