Add a patch to fix QUIC stateless reset bug

Dockerfile

@@ -19,7 +19,7 @@
 
 FROM debian:12 as build
 
-COPY patches/extra-mrbgem.patch /
+COPY patches/extra-mrbgem.patch patches/0001-nghttpx-Fix-QUIC-stateless-reset-stack-buffer-overfl.patch /
 
 # Inspired by clean-install https://github.com/kubernetes/kubernetes/blob/73641d35c7622ada9910be6fb212d40755cc1f78/build/debian-base/clean-install
 RUN apt-get update && \
@@ -65,6 +65,7 @@ RUN git clone --depth 1 -b v1.3.0 https://github.com/libbpf/libbpf && \
 RUN git clone --recursive --shallow-submodules --depth 1 -b v1.61.0 https://github.com/nghttp2/nghttp2.git && \
     cd nghttp2 && \
     patch -p1 < /extra-mrbgem.patch && \
+    patch -p1 < /0001-nghttpx-Fix-QUIC-stateless-reset-stack-buffer-overfl.patch && \
     autoreconf -i && \
     ./configure --disable-examples --disable-hpack-tools --with-mruby \
         --enable-http3 --with-libbpf \

patches/0001-nghttpx-Fix-QUIC-stateless-reset-stack-buffer-overfl.patch

@@ -0,0 +1,25 @@
+From dcc5d44094e798bd313bec859da809bad65d0416 Mon Sep 17 00:00:00 2001
+From: Tatsuhiro Tsujikawa <[email protected]>
+Date: Fri, 5 Apr 2024 16:47:17 +0900
+Subject: [PATCH] nghttpx: Fix QUIC stateless reset stack buffer overflow
+
+---
+ src/shrpx_quic_connection_handler.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shrpx_quic_connection_handler.cc b/src/shrpx_quic_connection_handler.cc
+index b810aa68..44da6260 100644
+--- a/src/shrpx_quic_connection_handler.cc
++++ b/src/shrpx_quic_connection_handler.cc
+@@ -590,7 +590,7 @@ int QUICConnectionHandler::send_stateless_reset(
+
+   // SCID + minimum expansion - NGTCP2_STATELESS_RESET_TOKENLEN
+   constexpr size_t max_rand_byteslen =
+-      SHRPX_QUIC_SCIDLEN + 22 - NGTCP2_STATELESS_RESET_TOKENLEN;
++      NGTCP2_MAX_CIDLEN + 22 - NGTCP2_STATELESS_RESET_TOKENLEN;
+
+   size_t rand_byteslen;
+
+-- 
+2.34.1
+