only accept 3 retries

While the server is allowed to perform multiple Retries, the client
should impose a limit in order to avoid being caught in an endless loop.

client.go

@@ -29,7 +29,8 @@ type client struct {
 
 	packetHandlers packetHandlerManager
 
-	token []byte
+	token      []byte
+	numRetries int
 
 	versionNegotiated                bool // has the server accepted our version
 	receivedVersionNegotiationPacket bool
@@ -495,6 +496,11 @@ func (c *client) handleRetryPacket(hdr *wire.Header) {
 		c.logger.Debugf("Received spoofed Retry. Original Destination Connection ID: %s, expected: %s", hdr.OrigDestConnectionID, c.destConnID)
 		return
 	}
+	c.numRetries++
+	if c.numRetries > protocol.MaxRetries {
+		c.session.destroy(qerr.CryptoTooManyRejects)
+		return
+	}
 	c.destConnID = hdr.SrcConnectionID
 	c.token = hdr.Token
 	c.session.destroy(errCloseSessionForRetry)