drop Initial packets that don't fulfill the min size requirement

Marten Seemann
2017-12-08 12:37:04 +07:00
parent 23ce5a8554
commit ef89e7aa17
2 changed files with 17 additions and 3 deletions


@@ -2,6 +2,7 @@ package quic
import (
"crypto/tls"
"errors"
"fmt"
"net"
@@ -98,7 +99,9 @@ func (s *serverTLS) newMintConnImpl(bc *handshake.CryptoStreamConn, v protocol.V
}
func (s *serverTLS) handleInitialImpl(remoteAddr net.Addr, hdr *wire.Header, data []byte) (packetHandler, error) {
// TODO: check length requirement
if len(hdr.Raw)+len(data) < protocol.MinInitialPacketSize {
return nil, errors.New("dropping too small Initial packet")
}
// check version, if not matching send VNP
if !protocol.IsSupportedVersion(s.supportedVersions, hdr.Version) {
utils.Debugf("Client offered version %s, sending VersionNegotiationPacket", hdr.Version)
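Review bot: The new size check in handleInitialImpl has no comment saying why it must sit ahead of the version negotiation branch, and that ordering is what keeps an undersized Initial from eliciting any response at all. I would add above the `if`: `// Drop undersized Initials before generating any response; the minimum size bounds how much a spoofed source address can amplify.` The length is rebuilt from `len(hdr.Raw)+len(data)` rather than taken from the received datagram, so it is only correct if the parser always fills hdr.Raw with exactly the header bytes; that is not visible here and is worth confirming. Because this path is reachable by unauthenticated peers, a package-level sentinel such as `var errInitialTooSmall = errors.New("dropping too small Initial packet")` would avoid a per-packet allocation and let the caller tell a deliberate drop from a real failure. The function body continues outside the hunk.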


@@ -58,11 +58,15 @@ var _ = Describe("Stateless TLS handling", func() {
buf := &bytes.Buffer{}
err = f.Write(buf, protocol.VersionTLS)
Expect(err).ToNot(HaveOccurred())
return hdr, aead.Seal(nil, buf.Bytes(), 1, hdr.Raw)
// pad the packet such that is has exactly the required minimum size
buf.Write(bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize-len(hdr.Raw)-aead.Overhead()-buf.Len()))
data := aead.Seal(nil, buf.Bytes(), 1, hdr.Raw)
Expect(len(hdr.Raw) + len(data)).To(Equal(protocol.MinInitialPacketSize))
return hdr, data
}
It("sends a version negotiation packet if it doesn't support the version", func() {
server.HandleInitial(nil, &wire.Header{Version: 0x1337}, nil)
server.HandleInitial(nil, &wire.Header{Version: 0x1337}, bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize))
Expect(conn.dataWritten.Len()).ToNot(BeZero())
hdr, err := wire.ParseHeaderSentByServer(bytes.NewReader(conn.dataWritten.Bytes()), protocol.VersionUnknown)
Expect(err).ToNot(HaveOccurred())
@@ -70,6 +74,13 @@ var _ = Describe("Stateless TLS handling", func() {
Expect(sessionChan).ToNot(Receive())
})
It("drops too small packets", func() {
hdr, data := getPacket(&wire.StreamFrame{Data: []byte("Client Hello")})
data = data[:len(data)-1] // the packet is now 1 byte too small
server.HandleInitial(nil, hdr, data)
Expect(conn.dataWritten.Len()).To(BeZero())
})
It("ignores packets with invalid contents", func() {
hdr, data := getPacket(&wire.StreamFrame{StreamID: 10, Offset: 11, Data: []byte("foobar")})
server.HandleInitial(nil, hdr, data)
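Review bot: The added "drops too small packets" test takes its packet from getPacket, which presumably carries a supported version, so it does not cover the case that matters most for amplification: an undersized Initial with an unsupported version must not produce a Version Negotiation packet. A companion case would pin the ordering of the two checks: `server.HandleInitial(nil, &wire.Header{Version: 0x1337}, bytes.Repeat([]byte{0}, protocol.MinInitialPacketSize-1))` followed by `Expect(conn.dataWritten.Len()).To(BeZero())`. The new test also asserts only on written data; adding `Expect(sessionChan).ToNot(Receive())`, as the neighbouring test does, would confirm that no session is handed out for a dropped packet. The enclosing Describe block starts and ends outside the hunks.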