From 65838f34a85c369c919a8f6df7d3477f79efc8fd Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Thu, 11 Aug 2016 15:27:46 +0700
Subject: [PATCH] limit number of tracked skipped packet numbers in
 SentPacketHandler

---
 ackhandler/sent_packet_handler.go      |  4 ++++
 ackhandler/sent_packet_handler_test.go | 11 +++++++++++
 protocol/server_parameters.go          |  3 +++
 3 files changed, 18 insertions(+)

diff --git a/ackhandler/sent_packet_handler.go b/ackhandler/sent_packet_handler.go
index d21bef449..299777ea5 100644
--- a/ackhandler/sent_packet_handler.go
+++ b/ackhandler/sent_packet_handler.go
@@ -127,6 +127,10 @@ func (h *sentPacketHandler) SentPacket(packet *ackhandlerlegacy.Packet) error {
 
 	for p := h.lastSentPacketNumber + 1; p < packet.PacketNumber; p++ {
 		h.skippedPackets = append(h.skippedPackets, p)
+
+		if len(h.skippedPackets) > protocol.MaxTrackedSkippedPackets {
+			h.skippedPackets = h.skippedPackets[1:]
+		}
 	}
 
 	now := time.Now()
diff --git a/ackhandler/sent_packet_handler_test.go b/ackhandler/sent_packet_handler_test.go
index 8f9e2cbd7..ecc2ce8c1 100644
--- a/ackhandler/sent_packet_handler_test.go
+++ b/ackhandler/sent_packet_handler_test.go
@@ -175,6 +175,17 @@ var _ = Describe("SentPacketHandler", func() {
 				Expect(handler.skippedPackets).To(HaveLen(2))
 				Expect(handler.skippedPackets).To(Equal([]protocol.PacketNumber{2, 3}))
 			})
+
+			It("limits the lengths of the skipped packet slice", func() {
+				for i := 0; i < protocol.MaxTrackedSkippedPackets+5; i++ {
+					packet := ackhandlerlegacy.Packet{PacketNumber: protocol.PacketNumber(2*i + 1), Frames: []frames.Frame{&streamFrame}, Length: 1}
+					err := handler.SentPacket(&packet)
+					Expect(err).ToNot(HaveOccurred())
+				}
+				Expect(handler.skippedPackets).To(HaveLen(protocol.MaxUndecryptablePackets))
+				Expect(handler.skippedPackets[0]).To(Equal(protocol.PacketNumber(10)))
+				Expect(handler.skippedPackets[protocol.MaxTrackedSkippedPackets-1]).To(Equal(protocol.PacketNumber(10 + 2*(protocol.MaxTrackedSkippedPackets-1))))
+			})
 		})
 	})
 
diff --git a/protocol/server_parameters.go b/protocol/server_parameters.go
index bcb85b089..9c132f444 100644
--- a/protocol/server_parameters.go
+++ b/protocol/server_parameters.go
@@ -47,6 +47,9 @@ const RetransmissionThreshold uint8 = 3
 // SkipPacketAveragePeriodLength is the average period length in which one packet number is skipped to prevent an Optimistic ACK attack
 const SkipPacketAveragePeriodLength PacketNumber = 500
 
+// MaxTrackedSkippedPackets is the maximum number of skipped packet numbers the SentPacketHandler keep track of for Optimistic ACK attack mitigation
+const MaxTrackedSkippedPackets int = 10
+
 // STKExpiryTimeSec is the valid time of a source address token in seconds
 const STKExpiryTimeSec = 24 * 60 * 60