From ce3106baba7601bfaf1d1412221e18dec4878e18 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 1 Dec 2022 16:36:08 +0000
Subject: [PATCH] Treat unknown frames as a protocol error

From RFC9000, section 19.21 "An extension to QUIC that wishes to use a new
type of frame MUST first ensure that a peer is able to understand the
frame". So if we receive an unknown frame type from a peer we should treat
it as a protocol violation. In fact we ignore it, and ignore all the
contents of the rest of the packet and continue on regardless.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
---
 ssl/quic/quic_rx_depack.c | 34 +++++++---------------------------
 1 file changed, 7 insertions(+), 27 deletions(-)

diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c
index 939df84c9dd..df44a79c90e 100644
--- a/ssl/quic/quic_rx_depack.c
+++ b/ssl/quic/quic_rx_depack.c
@@ -605,28 +605,6 @@ static int depack_do_frame_handshake_done(PACKET *pkt,
     return 1;
 }
 
-static int depack_do_frame_unknown_extension(PACKET *pkt,
-                                             QUIC_CHANNEL *ch,
-                                             OSSL_ACKM_RX_PKT *ackm_data)
-{
-    /*
-     * According to RFC 9000, 19.21. Extension Frames, extension frames
-     * should be ACK eliciting.  It might be over zealous to do so for
-     * extensions OpenSSL doesn't know how to handle, but shouldn't hurt
-     * either.
-     */
-
-    /* This frame makes the packet ACK eliciting */
-    ackm_data->is_ack_eliciting = 1;
-
-    /*
-     * Because we have no idea how to advance to the next frame, we return 0
-     * everywhere, thereby stopping the depacketizing process.
-     */
-
-    return 0;
-}
-
 /* Main frame processor */
 
 static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt,
@@ -911,11 +889,13 @@ static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt,
             break;
 
         default:
-            /* Unknown frame type. */
-            if (!depack_do_frame_unknown_extension(pkt, ch, ackm_data))
-                return 0;
-
-            break;
+            /* Unknown frame type */
+            ackm_data->is_ack_eliciting = 1;
+            ossl_quic_channel_raise_protocol_error(ch,
+                                                   QUIC_ERR_PROTOCOL_VIOLATION,
+                                                   frame_type,
+                                                   "Unknown frame type received");
+            return 0;
         }
     }
 
-- 
2.47.2