From: Amaury Denoyelle
Date: Mon, 4 Jul 2022 08:02:04 +0000 (+0200)
Subject: MINOR: mux-quic: emit FINAL_SIZE_ERROR on invalid STREAM size
X-Git-Tag: v2.7-dev2~99
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf91e3922bdea9034e6d19b2913d89707ae1d1f3;p=thirdparty%2Fhaproxy.git
MINOR: mux-quic: emit FINAL_SIZE_ERROR on invalid STREAM size
Add a check on stream size when the stream is in state Size Known. In this case, a STREAM frame cannot change the stream size. If this is not respected, a CONNECTION_CLOSE with FINAL_SIZE_ERROR will be emitted as specified in the RFC 9000.
---
diff --git a/src/mux_quic.c b/src/mux_quic.c
index ccdcf54c61..36fdc79174 100644
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -606,15 +606,26 @@ int qcc_recv(struct qcc *qcc, uint64_t id, uint64_t len, uint64_t offset,
 if (!qcs)
 return 0;
 
+ /* RFC 9000 4.5. Stream Final Size
+ *
+ * Once a final size for a stream is known, it cannot change. If a
+ * RESET_STREAM or STREAM frame is received indicating a change in the
+ * final size for the stream, an endpoint SHOULD respond with an error
+ * of type FINAL_SIZE_ERROR; see Section 11 for details on error
+ * handling.
+ */
+ if (qcs->flags & QC_SF_SIZE_KNOWN &&
+ (offset + len > qcs->rx.offset_max || (fin && offset + len < qcs->rx.offset_max))) {
+ TRACE_DEVEL("leaving on final size error", QMUX_EV_QCC_RECV|QMUX_EV_QCS_RECV, qcc->conn, qcs);
+ qcc_emit_cc(qcc, QC_ERR_FINAL_SIZE_ERROR);
+ return 0;
+ }
+
 if (offset + len <= qcs->rx.offset) {
 TRACE_DEVEL("leaving on already received offset", QMUX_EV_QCC_RECV|QMUX_EV_QCS_RECV, qcc->conn, qcs);
 return 0;
 }
 
- /* TODO if last frame already received, stream size must not change.
- * Else send FINAL_SIZE_ERROR.
- */
-
 if (offset + len > qcs->rx.offset_max) {
 uint64_t diff = offset + len - qcs->rx.offset_max;
 qcs->rx.offset_max = offset + len;
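Review bot: The new guard only fires once `QC_SF_SIZE_KNOWN` is already set, so the first FIN-bearing STREAM frame whose `offset + len` is below `qcs->rx.offset_max` (data already received past the announced final size) is not rejected here, although RFC 9000 4.5 treats that case as a FINAL_SIZE_ERROR as well. Unless the code after the hunk handles it where the flag gets set, the condition could read `if ((fin && offset + len < qcs->rx.offset_max) || ((qcs->flags & QC_SF_SIZE_KNOWN) && offset + len > qcs->rx.offset_max)) {`, which also parenthesises the flag test for readability. `offset` and `len` are peer-controlled, and the comparison relies on `offset + len` not wrapping in `uint64_t`; presumably the frame parser bounds both to the varint range, which is worth confirming and stating in the comment. `qcc_recv` starts and ends outside the hunk, so the path that sets the flag is not visible here.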