QUIC Conformance: Frame Handling Tests

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)

3 files changed, 11 insertions, 17 deletions

diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index c0ce222d86..30b5faf24b 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -2629,7 +2629,6 @@ void ossl_quic_channel_on_new_conn_id(QUIC_CHANNEL *ch,
         return;
 
     /* We allow only two active connection ids; first check some constraints */
-
     if (ch->cur_remote_dcid.id_len == 0) {
         /* Changing from 0 length connection id is disallowed */
         ossl_quic_channel_raise_protocol_error(ch,
diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c
index 11404f3146..58d2fc4596 100644
--- a/ssl/quic/quic_rx_depack.c
+++ b/ssl/quic/quic_rx_depack.c
@@ -515,21 +515,6 @@ static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch,
         return 0;
     }
 
-    /*
-     * RFC 9000 s. 19.8: "The largest offset delivered on a stream -- the sum of
-     * the offset and data length -- cannot exceed 2**62 - 1, as it is not
-     * possible to provide flow control credit for that data. Receipt of a frame
-     * that exceeds this limit MUST be treated as a connection error of type
-     * FRAME_ENCODING_ERROR or FLOW_CONTROL_ERROR."
-     */
-    if (frame_data.offset + frame_data.len > (((uint64_t)1) << 62) - 1) {
-        ossl_quic_channel_raise_protocol_error(ch,
-                                               QUIC_ERR_FRAME_ENCODING_ERROR,
-                                               frame_type,
-                                               "oversize stream");
-        return 0;
-    }
-
     switch (stream->recv_state) {
     case QUIC_RSTREAM_STATE_RECV:
     case QUIC_RSTREAM_STATE_SIZE_KNOWN:
diff --git a/ssl/quic/quic_wire.c b/ssl/quic/quic_wire.c
index 2412e9afa5..22214069ec 100644
--- a/ssl/quic/quic_wire.c
+++ b/ssl/quic/quic_wire.c
@@ -318,7 +318,8 @@ int ossl_quic_wire_encode_frame_streams_blocked(WPACKET *pkt,
 int ossl_quic_wire_encode_frame_new_conn_id(WPACKET *pkt,
                                             const OSSL_QUIC_FRAME_NEW_CONN_ID *f)
 {
-    if (f->conn_id.id_len > QUIC_MAX_CONN_ID_LEN)
+    if (f->conn_id.id_len < 1
+        || f->conn_id.id_len > QUIC_MAX_CONN_ID_LEN)
         return 0;
 
     if (!encode_frame_hdr(pkt, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID)
@@ -683,6 +684,14 @@ int ossl_quic_wire_decode_frame_stream(PACKET *pkt,
             f->len = PACKET_remaining(pkt);
     }
 
+    /*
+     * RFC 9000 s. 19.8: "The largest offset delivered on a stream -- the sum of
+     * the offset and data length -- cannot exceed 2**62 - 1, as it is not
+     * possible to provide flow control credit for that data."
+     */
+    if (f->offset + f->len > (((uint64_t)1) << 62) - 1)
+        return 0;
+
     if (nodata) {
         f->data = NULL;
     } else {
@@ -774,6 +783,7 @@ int ossl_quic_wire_decode_frame_new_conn_id(PACKET *pkt,
             || !PACKET_get_quic_vlint(pkt, &f->retire_prior_to)
             || f->seq_num < f->retire_prior_to
             || !PACKET_get_1(pkt, &len)
+            || len < 1
             || len > QUIC_MAX_CONN_ID_LEN)
         return 0;