QUIC: avoid partial expansion of PATH_CHALLENGE/PATH_RESPONSE.

By default packets with these frames are expanded to 1200 bytes.  Previously,
if anti-amplification limit did not allow this expansion, it was limited to
whatever size was allowed.  However RFC 9000 clearly states no partial
expansion should happen in both cases.

    Section 8.2.1.  Initiating Path Validation:

    An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
    to at least the smallest allowed maximum datagram size of 1200 bytes,
    unless the anti-amplification limit for the path does not permit
    sending a datagram of this size.

    Section 8.2.2. Path Validation Responses:

    An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
    to at least the smallest allowed maximum datagram size of 1200 bytes.
    ...
    However, an endpoint MUST NOT expand the datagram containing the
    PATH_RESPONSE if the resulting data exceeds the anti-amplification limit.

1 files changed, 1 insertions, 3 deletions

diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
index 914d81921..a0acdb700 100644
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -63,8 +63,6 @@ static ssize_t ngx_quic_send(ngx_connection_t *c, u_char *buf, size_t len,
     struct sockaddr *sockaddr, socklen_t socklen);
 static void ngx_quic_set_packet_number(ngx_quic_header_t *pkt,
     ngx_quic_send_ctx_t *ctx);
-static size_t ngx_quic_path_limit(ngx_connection_t *c, ngx_quic_path_t *path,
-    size_t size);
 
 
 ngx_int_t
@@ -1250,7 +1248,7 @@ ngx_quic_frame_sendto(ngx_connection_t *c, ngx_quic_frame_t *frame,
 }
 
 
-static size_t
+size_t
 ngx_quic_path_limit(ngx_connection_t *c, ngx_quic_path_t *path, size_t size)
 {
     off_t  max;