BUG/MINOR: quic: Possible buffer overflow when building TLS records

This may happen only when the TLS stack has to be provided with more than 1024+1+5+16
bytes of CRYPTO data. In this case several TLS records have to be built in one
call to SSL_provide_quic_data(). A 5-bytes header is created at the head
of these records. This header is used as AAD to cipher the record. But
the length of this AAD was counted two times. One time here in
quic_tls_compat_create_record() (initialization):

	 adlen = quic_tls_compat_create_header(qc, rec, ad, 0);

and a second time here in the same function after quic_tls_tls_seal() return:

     ret = aad_len + outlen;

This addition is useless. Note that this bug could be reproduced when haproxy has
to authenticate the client.

Thank you to @vifino for having reported this issue in GH #2381.

Must be backported to 2.8.

src/quic_openssl_compat.c

@@ -347,7 +347,7 @@ static int quic_tls_compat_create_record(struct quic_conn *qc,
 	                       nonce, rec->payload, rec->payload_len, ad, adlen))
 		goto leave;
 
-	ret = adlen + outlen;
+	ret = outlen;
 leave:
 	TRACE_LEAVE(QUIC_EV_CONN_SSL_COMPAT, qc);
 	return ret;