gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

http3: reject duplicate control streams opened by the server (#4342)

Browse Source
This commit is contained in:
Marten Seemann
2024-03-03 17:58:24 +10:30
committed by GitHub
parent 9813766373
commit c5f7096f00
2 changed files with 38 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
http3/client.go
View File

@@ -183,6 +183,8 @@ func (c *client) handleBidirectionalStreams(conn quic.EarlyConnection) {
}
func (c *client) handleUnidirectionalStreams(conn quic.EarlyConnection) {
var rcvdControlStream atomic.Bool
for {
str, err := conn.AcceptUniStream(context.Background())
if err != nil {
@@ -217,6 +219,11 @@ func (c *client) handleUnidirectionalStreams(conn quic.EarlyConnection) {
str.CancelRead(quic.StreamErrorCode(ErrCodeStreamCreationError))
return
}
// Only a single control stream is allowed.
if isFirstControlStr := rcvdControlStream.CompareAndSwap(false, true); !isFirstControlStr {
conn.CloseWithError(quic.ApplicationErrorCode(ErrCodeStreamCreationError), "duplicate control stream")
return
}
f, err := parseNextFrame(str, nil)
if err != nil {
conn.CloseWithError(quic.ApplicationErrorCode(ErrCodeFrameError), "")