From 5997d18c7862e9461a005a4e74ca1ab80c49bb20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Fri, 30 Jun 2023 14:41:31 +0200 Subject: [PATCH] BUG/MINOR: quic: Wrong Retry paquet version field endianess The 32-bits version field of the Retry paquet was inversed by the code. As this field must be in the network byte order on the wire, this code has supposed that the sender of the Retry packet will always be little endian. Hopefully this is often the case on our Intel machines ;) Must be backported as far as 2.6. --- src/quic_conn.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/quic_conn.c b/src/quic_conn.c index 9ecce9197..6be031717 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -6646,10 +6646,8 @@ static int send_retry(int fd, struct sockaddr_storage *addr, (quic_pkt_type(QUIC_PACKET_TYPE_RETRY, qv->num) << QUIC_PACKET_TYPE_SHIFT) | statistical_prng_range(16); /* version */ - buf[i++] = *((unsigned char *)&qv->num + 3); - buf[i++] = *((unsigned char *)&qv->num + 2); - buf[i++] = *((unsigned char *)&qv->num + 1); - buf[i++] = *(unsigned char *)&qv->num; + *(uint32_t *)&buf[i] = htonl(qv->num); + i += sizeof(uint32_t); /* Use the SCID from for Retry DCID. */ buf[i++] = pkt->scid.len;