From: Hugo Landau <hlandau@openssl.org>
Date: Tue, 6 Jun 2023 15:25:11 +0000 (+0100)
Subject: QUIC CONFORMANCE: RFC 9000 s. 19.13: STREAM_DATA_BLOCKED Frames
X-Git-Tag: openssl-3.2.0-alpha1~439
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f084a8f7615c64cb55cb9de5669025eaa50eef6a;p=thirdparty%2Fopenssl.git

QUIC CONFORMANCE: RFC 9000 s. 19.13: STREAM_DATA_BLOCKED Frames

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
---

diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c
index aa107455078..be4772e2f37 100644
--- a/ssl/quic/quic_rx_depack.c
+++ b/ssl/quic/quic_rx_depack.c
@@ -796,6 +796,23 @@ static int depack_do_frame_stream_data_blocked(PACKET *pkt,
                                           &stream))
         return 0; /* error already raised for us */
 
+    if (stream == NULL)
+        return 1; /* old deleted stream, not a protocol violation, ignore */
+
+    if (!ossl_quic_stream_has_recv(stream)) {
+        /*
+         * RFC 9000 s. 19.14: "An endpoint that receives a STREAM_DATA_BLOCKED
+         * frame for a send-only stream MUST terminate the connection with error
+         * STREAM_STATE_ERROR."
+         */
+        ossl_quic_channel_raise_protocol_error(ch,
+                                               QUIC_ERR_STREAM_STATE_ERROR,
+                                               OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED,
+                                               "STREAM_DATA_BLOCKED frame for "
+                                               "TX only stream");
+        return 0;
+    }
+
     /* No-op - informative/debugging frame. */
     return 1;
 }