BUG/MAJOR: quic: reject invalid token

Token parsing code on INITIAL packet for the NEW_TOKEN format is not
robust enough and may even crash on some rare malformed packets.

This patch fixes this by adding a check on the expected length of the
received token. The packet is now rejected if the token does not match
QUIC_TOKEN_LEN. This check is legitimate as haproxy should only parse
tokens emitted by itself.

This issue has been introduced with the implementation of NEW_TOKEN
tokens parsing required for 0-RTT support.

This issue is assigned to CVE-2026-26081 report.

This must be backported up to 3.0.

Reported-by: Asim Viladi Oglu Manizada <manizada@pm.me>
(cherry picked from commit 4aa974f)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit b9b182b)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 4765277)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>

Author: a-denoyelle

src/quic_token.c

@@ -129,6 +129,11 @@ int quic_token_check(struct quic_rx_packet *pkt,
 		goto err;
 	}
 
+	if (tokenlen != QUIC_TOKEN_LEN) {
+		TRACE_ERROR("invalid token length", QUIC_EV_CONN_LPKT, qc);
+		goto err;
+	}
+
 	/* Generate the AAD. */
 	aadlen = ipaddrcpy(aad, &dgram->saddr);
 	rand = token + tokenlen - QUIC_TOKEN_RAND_DLEN;