reject NEW_CONNECTION_ID frames with invalid Retire Prior To values

2019-08-17 11:07:38 +07:00
parent bb4cfe29cb
commit 6bcd740f56
2 changed files with 15 additions and 0 deletions
--- a/internal/wire/new_connection_id_frame.go
+++ b/internal/wire/new_connection_id_frame.go
@@ -31,6 +31,9 @@ func parseNewConnectionIDFrame(r *bytes.Reader, _ protocol.VersionNumber) (*NewC
 	if err != nil {
 		return nil, err
 	}
+	if ret > seq {
+		return nil, fmt.Errorf("Retire Prior To value (%d) larger than Sequence Number (%d)", ret, seq)
+	}
 	connIDLen, err := r.ReadByte()
 	if err != nil {
 		return nil, err
--- a/internal/wire/new_connection_id_frame_test.go
+++ b/internal/wire/new_connection_id_frame_test.go
@@ -28,6 +28,18 @@ var _ = Describe("NEW_CONNECTION_ID frame", func() {
 			Expect(string(frame.StatelessResetToken[:])).To(Equal("deadbeefdecafbad"))
 		})

+		It("errors when the Retire Prior To value is larger than the Sequence Number", func() {
+			data := []byte{0x18}
+			data = append(data, encodeVarInt(1000)...) // sequence number
+			data = append(data, encodeVarInt(1001)...) // retire prior to
+			data = append(data, 3)
+			data = append(data, []byte{1, 2, 3}...)
+			data = append(data, []byte("deadbeefdecafbad")...) // stateless reset token
+			b := bytes.NewReader(data)
+			_, err := parseNewConnectionIDFrame(b, versionIETFFrames)
+			Expect(err).To(MatchError("Retire Prior To value (1001) larger than Sequence Number (1000)"))
+		})
+
 		It("errors when the connection ID has an invalid length", func() {
 			data := []byte{0x18}
 			data = append(data, encodeVarInt(0xdeadbeef)...)                                                          // sequence number