BUG/MINOR: quic: fix TP reject on invalid max-ack-delay
Checks are implemented on some received transport parameter values, to reject invalid ones defined per RFC 9000. This is the case for max_ack_delay parameter. The check was not properly implemented as it only reject values strictly greater than the limit set to 2^14. Fix this by rejecting values of 2^14 and above. Also, the proper error code TRANSPORT_PARAMETER_ERROR is now set. This should be backported up to 2.6. Note that is relies on previous patch "MINOR: quic: extend return value on TP parsing".
This commit is contained in:
Amaury Denoyelle
parent
b60a17aad7
commit
ffabfb0fc3
@ -349,9 +349,17 @@ quic_transport_param_decode(struct quic_transport_params *p, int server,
|
||||
|
||||
break;
|
||||
case QUIC_TP_MAX_ACK_DELAY:
|
||||
if (!quic_dec_int(&p->max_ack_delay, buf, end) ||
|
||||
p->max_ack_delay > QUIC_TP_MAX_ACK_DELAY_LIMIT)
|
||||
if (!quic_dec_int(&p->max_ack_delay, buf, end))
|
||||
return QUIC_TP_DEC_ERR_TRUNC;
|
||||
|
||||
/* RFC 9000 18.2. Transport Parameter Definitions
|
||||
*
|
||||
* max_ack_delay (0x0b): [...]
|
||||
* Values of 2^14 or greater are invalid.
|
||||
*/
|
||||
if (p->max_ack_delay >= QUIC_TP_MAX_ACK_DELAY_LIMIT)
|
||||
return QUIC_TP_DEC_ERR_INVAL;
|
||||
|
||||
break;
|
||||
case QUIC_TP_DISABLE_ACTIVE_MIGRATION:
|
||||
/* Zero-length parameter type. */
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user