From 44513a528cf129364361754f6b21f3745c337717 Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Tue, 20 Nov 2018 12:09:03 +0700
Subject: [PATCH] drop short header packets for unknown sessions

---
 packet_handler_map.go      | 18 +++++++++++-------
 packet_handler_map_test.go |  2 +-
 server.go                  |  8 +++-----
 server_test.go             | 24 ++++++++++++++++--------
 4 files changed, 31 insertions(+), 21 deletions(-)

diff --git a/packet_handler_map.go b/packet_handler_map.go
index 32496758..784dced3 100644
--- a/packet_handler_map.go
+++ b/packet_handler_map.go
@@ -185,14 +185,18 @@ func (h *packetHandlerMap) handlePacket(addr net.Addr, data []byte) error {
 		handlePacket = handler.handlePacket
 	} else { // no session found
 		// this might be a stateless reset
-		if !iHdr.IsLongHeader && len(data) >= protocol.MinStatelessResetSize {
-			var token [16]byte
-			copy(token[:], data[len(data)-16:])
-			if sess, ok := h.resetTokens[token]; ok {
-				h.mutex.RUnlock()
-				sess.destroy(errors.New("received a stateless reset"))
-				return nil
+		if !iHdr.IsLongHeader {
+			if len(data) >= protocol.MinStatelessResetSize {
+				var token [16]byte
+				copy(token[:], data[len(data)-16:])
+				if sess, ok := h.resetTokens[token]; ok {
+					h.mutex.RUnlock()
+					sess.destroy(errors.New("received a stateless reset"))
+					return nil
+				}
 			}
+			// TODO(#943): send a stateless reset
+			return fmt.Errorf("received a short header packet with an unexpected connection ID %s", iHdr.DestConnectionID)
 		}
 		if server == nil { // no server set
 			h.mutex.RUnlock()
diff --git a/packet_handler_map_test.go b/packet_handler_map_test.go
index dd2202a7..a4b3aa09 100644
--- a/packet_handler_map_test.go
+++ b/packet_handler_map_test.go
@@ -227,7 +227,7 @@ var _ = Describe("Packet Handler Map", func() {
 			Expect(handler.handlePacket(nil, getPacket(connID))).To(MatchError("received a packet with an unexpected connection ID 0xdeadbeef42"))
 			packet := append([]byte{0x40, 0xde, 0xca, 0xfb, 0xad, 0x99} /* short header packet */, make([]byte, 50)...)
 			packet = append(packet, token[:]...)
-			Expect(handler.handlePacket(nil, packet)).To(MatchError("received a packet with an unexpected connection ID 0xdecafbad99"))
+			Expect(handler.handlePacket(nil, packet)).To(MatchError("received a short header packet with an unexpected connection ID 0xdecafbad99"))
 			Expect(handler.resetTokens).To(BeEmpty())
 		})
 	})
diff --git a/server.go b/server.go
index 3a5c8370..5f862c5b 100644
--- a/server.go
+++ b/server.go
@@ -308,11 +308,9 @@ func (s *server) handlePacket(p *receivedPacket) {
 func (s *server) handlePacketImpl(p *receivedPacket) error {
 	hdr := p.header
 
-	if hdr.IsLongHeader {
-		// send a Version Negotiation Packet if the client is speaking a different protocol version
-		if !protocol.IsSupportedVersion(s.config.Versions, hdr.Version) {
-			return s.sendVersionNegotiationPacket(p)
-		}
+	// send a Version Negotiation Packet if the client is speaking a different protocol version
+	if !protocol.IsSupportedVersion(s.config.Versions, hdr.Version) {
+		return s.sendVersionNegotiationPacket(p)
 	}
 	if hdr.Type == protocol.PacketTypeInitial {
 		go s.handleInitial(p)
diff --git a/server_test.go b/server_test.go
index d63ba735..6418289b 100644
--- a/server_test.go
+++ b/server_test.go
@@ -129,27 +129,33 @@ var _ = Describe("Server", func() {
 				},
 				data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize-100),
 			})
-			Expect(conn.dataWritten.Len()).To(BeZero())
+			Consistently(conn.dataWritten.Len).Should(BeZero())
 		})
 
 		It("drops packets with a too short connection ID", func() {
 			hdr := &wire.Header{
+				IsLongHeader:     true,
+				Type:             protocol.PacketTypeInitial,
 				SrcConnectionID:  protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8},
 				DestConnectionID: protocol.ConnectionID{1, 2, 3, 4},
+				Version:          serv.config.Versions[0],
 				PacketNumberLen:  protocol.PacketNumberLen1,
 			}
 			serv.handlePacket(&receivedPacket{
 				header: hdr,
 				data:   bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize),
 			})
-			Expect(conn.dataWritten.Len()).To(BeZero())
+			Consistently(conn.dataWritten.Len).Should(BeZero())
 		})
 
 		It("drops non-Initial packets", func() {
 			serv.logger.SetLogLevel(utils.LogLevelDebug)
 			serv.handlePacket(&receivedPacket{
-				header: &wire.Header{Type: protocol.PacketTypeHandshake},
-				data:   []byte("invalid"),
+				header: &wire.Header{
+					Type:    protocol.PacketTypeHandshake,
+					Version: serv.config.Versions[0],
+				},
+				data: []byte("invalid"),
 			})
 		})
 
@@ -170,8 +176,9 @@ var _ = Describe("Server", func() {
 			serv.handlePacket(&receivedPacket{
 				remoteAddr: raddr,
 				header: &wire.Header{
-					Type:  protocol.PacketTypeInitial,
-					Token: token,
+					Type:    protocol.PacketTypeInitial,
+					Token:   token,
+					Version: serv.config.Versions[0],
 				},
 				data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize),
 			})
@@ -193,8 +200,9 @@ var _ = Describe("Server", func() {
 			serv.handlePacket(&receivedPacket{
 				remoteAddr: raddr,
 				header: &wire.Header{
-					Type:  protocol.PacketTypeInitial,
-					Token: []byte("foobar"),
+					Type:    protocol.PacketTypeInitial,
+					Token:   []byte("foobar"),
+					Version: serv.config.Versions[0],
 				},
 				data: bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize),
 			})