BUG/MINOR: qpack: reject invalid dynamic table capacity

Currently haproxy does not implement dynamic table support for QPACK. As such, dynamic table capacity advertized via H3 SETTINGS is 0. When receiving a non-null Set Dynamic Table Capacity instruction, close immediately the connection using QPACK_ENCODER_STREAM_ERROR. Prior to this patch, such instructions were simply ignored. This is non conform to QUIC specification. This should be backported up to 2.6. Note that on 2.6 qcc_set_error() must be replaced by function qcc_emit_cc_app().
FireBurn · Feb 15, 2024 · f8df9bd · f8df9bd
1 parent bd71212
commit f8df9bd
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/qpack-dec.c b/src/qpack-dec.c
@@ -135,6 +135,19 @@ int qpack_decode_enc(struct buffer *buf, int fin, void *ctx)
 	}
 	else if (inst & QPACK_ENC_INST_SDTC_BIT) {
 		/* Set dynamic table capacity */
+		int capacity = *b_head(buf) & 0x1f;
+
+		/* RFC 9204 4.3.1. Set Dynamic Table Capacity
+		 *
+		 * The decoder MUST treat a new dynamic table capacity
+		 * value that exceeds this limit as a connection error of type
+		 * QPACK_ENCODER_STREAM_ERROR.
+		 */
+		if (capacity) {
+			qcc_set_error(qcs->qcc, QPACK_ENCODER_STREAM_ERROR, 1);
+			return -1;
+		}
+
 	}
 
 	return 0;