Add a checks on received max_udp_payload transport parameters. As
defined per RFC 9000, values below 1200 are invalid, and thus the
connection must be closed with TRANSPORT_PARAMETER_ERROR code.
Prior to this patch, an invalid value was silently ignored.
This should be backported up to 2.6. Note that is relies on previous
patch "MINOR: quic: extend return value on TP parsing".
case QUIC_TP_MAX_UDP_PAYLOAD_SIZE:
if (!quic_dec_int(&p->max_udp_payload_size, buf, end))
return QUIC_TP_DEC_ERR_TRUNC;
+
+ /* RFC 9000 18.2. Transport Parameter Definitions
+ *
+ * max_udp_payload_size (0x03): [...]
+ * The default for this parameter is the maximum permitted UDP
+ * payload of 65527. Values below 1200 are invalid.
+ */
+ if (p->max_udp_payload_size < 1200)
+ return QUIC_TP_DEC_ERR_INVAL;
+
break;
case QUIC_TP_INITIAL_MAX_DATA:
if (!quic_dec_int(&p->initial_max_data, buf, end))