BUG/MINOR: quic: reject packet with no frame

RFC 9000 indicates that a QUIC packet with no frame must trigger a
connection closure with PROTOCOL_VIOLATION error code. Implement this
via an early return inside qc_parse_pkt_frms().

This should be backported up to 2.6.

diff --git a/src/quic_rx.c b/src/quic_rx.c
index 3489fef332d46d3752246bf1d0663f4d5e8f93ea..4685d631492e8dc9434d21eb5f8cc605563663f0 100644 (file)
--- a/src/quic_rx.c
+++ b/src/quic_rx.c
@@ -942,6 +942,20 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
        pos = pkt->data + pkt->aad_len;
        end = pkt->data + pkt->len;
 
+       /* Packet with no frame. */
+       if (pos == end) {
+               /* RFC9000 12.4. Frames and Frame Types
+                *
+                * The payload of a packet that contains frames MUST contain at least
+                * one frame, and MAY contain multiple frames and multiple frame types.
+                * An endpoint MUST treat receipt of a packet containing no frames as a
+                * connection error of type PROTOCOL_VIOLATION. Frames always fit within
+                * a single QUIC packet and cannot span multiple packets.
+                */
+               quic_set_connection_close(qc, quic_err_transport(QC_ERR_PROTOCOL_VIOLATION));
+               goto leave;
+       }
+
        while (pos < end) {
                if (!qc_parse_frm(&frm, pkt, &pos, end, qc)) {
                        // trace already emitted by function above