From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Wed, 14 Feb 2024 17:13:08 +0000 (+0100)
Subject: BUG/MINOR: quic: reject HANDSHAKE_DONE as server
X-Git-Tag: v3.0-dev4~41
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cc29ab437ea6348aa1defcab15a306742a9fd826;p=thirdparty%2Fhaproxy.git

BUG/MINOR: quic: reject HANDSHAKE_DONE as server

As specified in RFC 9000, a client must never emit a HANDSHAKE_DONE
frame. If this happens, the server must close the connection with error
PROTOCOL VIOLATION.

Previously, such a frame was silently discarded on server side. The
connection remained opened which is not conformant to the specification.

This should be backported up to 2.6.
---

diff --git a/src/quic_rx.c b/src/quic_rx.c
index 3a1a35faa3..14f4ca26c5 100644
--- a/src/quic_rx.c
+++ b/src/quic_rx.c
@@ -1056,6 +1056,14 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
 			if (qc_is_listener(qc)) {
 				TRACE_ERROR("non accepted QUIC_FT_HANDSHAKE_DONE frame",
 				            QUIC_EV_CONN_PRSHPKT, qc);
+
+				/* RFC 9000 19.20. HANDSHAKE_DONE Frames
+				 *
+				 * A
+				 * server MUST treat receipt of a HANDSHAKE_DONE frame as a connection
+				 * error of type PROTOCOL_VIOLATION.
+				 */
+				quic_set_connection_close(qc, quic_err_transport(QC_ERR_PROTOCOL_VIOLATION));
 				goto leave;
 			}