QUIC CONFORMANCE: Enforce packet header reserved bits

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
Hugo Landau 2023-06-06 16:25:11 +01:00 committed by Pauli
parent 5b9452e037
commit 08cb9a8327


@ -1822,6 +1822,18 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch)
*/
return;
/*
* RFC 9000 s. 17.2: "An endpoint MUST treat receipt of a packet that has a
* non-zero value for [the reserved bits] after removing both packet and
* header protection as a connection error of type PROTOCOL_VIOLATION."
*/
if (ossl_quic_pkt_type_is_encrypted(ch->qrx_pkt->hdr->type)
&& ch->qrx_pkt->hdr->reserved != 0) {
ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_PROTOCOL_VIOLATION,
0, "packet header reserved bits");
return;
}
/* Handle incoming packet. */
switch (ch->qrx_pkt->hdr->type) {
case QUIC_PKT_TYPE_RETRY:
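Review bot: The comment added above the reserved-bits check cites only RFC 9000 s. 17.2, which covers long-header packets, while the condition `ossl_quic_pkt_type_is_encrypted(ch->qrx_pkt->hdr->type)` presumably also matches 1-RTT short-header packets, whose equivalent requirement is in s. 17.3.1. I would extend the comment with a line such as `* The same rule applies to short header (1-RTT) packets, see s. 17.3.1.` so the citation matches what is enforced. Both sections also warn that acting on these bits after removing only header protection exposes the endpoint to attack, so the comment should say that `hdr->reserved` is examined here only for packets whose packet protection has already been removed successfully; that ordering is not visible in this hunk and should be confirmed against the code that fills `ch->qrx_pkt`. The body of ch_rx_handle_packet starts and ends outside the hunk.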