Merge pull request #2072 from lucas-clemente/fix-new-conn-id-frame

fix connection ID length check in the NEW_CONNECTION_ID frame
2019-08-18 20:15:46 +07:00
parent 7df59b855f 6bcd740f56
commit b307b3d06f
2 changed files with 23 additions and 8 deletions
--- a/internal/wire/new_connection_id_frame.go
+++ b/internal/wire/new_connection_id_frame.go
@@ -31,11 +31,14 @@ func parseNewConnectionIDFrame(r *bytes.Reader, _ protocol.VersionNumber) (*NewC
 	if err != nil {
 		return nil, err
 	}
+	if ret > seq {
+		return nil, fmt.Errorf("Retire Prior To value (%d) larger than Sequence Number (%d)", ret, seq)
+	}
 	connIDLen, err := r.ReadByte()
 	if err != nil {
 		return nil, err
 	}
-	if connIDLen < 4 || connIDLen > 18 {
+	if connIDLen > protocol.MaxConnIDLen {
 		return nil, fmt.Errorf("invalid connection ID length: %d", connIDLen)
 	}
 	connID, err := protocol.ReadConnectionID(r, int(connIDLen))
@@ -62,7 +65,7 @@ func (f *NewConnectionIDFrame) Write(b *bytes.Buffer, _ protocol.VersionNumber)
 	utils.WriteVarInt(b, f.SequenceNumber)
 	utils.WriteVarInt(b, f.RetirePriorTo)
 	connIDLen := f.ConnectionID.Len()
-	if connIDLen < 4 || connIDLen > 18 {
+	if connIDLen > protocol.MaxConnIDLen {
 		return fmt.Errorf("invalid connection ID length: %d", connIDLen)
 	}
 	b.WriteByte(uint8(connIDLen))
--- a/internal/wire/new_connection_id_frame_test.go
+++ b/internal/wire/new_connection_id_frame_test.go
@@ -28,16 +28,28 @@ var _ = Describe("NEW_CONNECTION_ID frame", func() {
 			Expect(string(frame.StatelessResetToken[:])).To(Equal("deadbeefdecafbad"))
 		})

-		It("errors when the connection ID has an invalid length", func() {
+		It("errors when the Retire Prior To value is larger than the Sequence Number", func() {
 			data := []byte{0x18}
-			data = append(data, encodeVarInt(0xdeadbeef)...)   // sequence number
-			data = append(data, encodeVarInt(0xcafe)...)       // retire prior to
-			data = append(data, 3)                             // connection ID length
-			data = append(data, []byte{1, 2, 3}...)            // connection ID
+			data = append(data, encodeVarInt(1000)...) // sequence number
+			data = append(data, encodeVarInt(1001)...) // retire prior to
+			data = append(data, 3)
+			data = append(data, []byte{1, 2, 3}...)
 			data = append(data, []byte("deadbeefdecafbad")...) // stateless reset token
 			b := bytes.NewReader(data)
 			_, err := parseNewConnectionIDFrame(b, versionIETFFrames)
-			Expect(err).To(MatchError("invalid connection ID length: 3"))
+			Expect(err).To(MatchError("Retire Prior To value (1001) larger than Sequence Number (1000)"))
+		})
+
+		It("errors when the connection ID has an invalid length", func() {
+			data := []byte{0x18}
+			data = append(data, encodeVarInt(0xdeadbeef)...)                                                          // sequence number
+			data = append(data, encodeVarInt(0xcafe)...)                                                              // retire prior to
+			data = append(data, 21)                                                                                   // connection ID length
+			data = append(data, []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21}...) // connection ID
+			data = append(data, []byte("deadbeefdecafbad")...)                                                        // stateless reset token
+			b := bytes.NewReader(data)
+			_, err := parseNewConnectionIDFrame(b, versionIETFFrames)
+			Expect(err).To(MatchError("invalid connection ID length: 21"))
 		})

 		It("errors on EOFs", func() {