diff options
-rw-r--r-- | ssl/quic/quic_channel.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c index 7504f06dfc..3da0caa4ea 100644 --- a/ssl/quic/quic_channel.c +++ b/ssl/quic/quic_channel.c @@ -1270,6 +1270,8 @@ static int ch_on_transport_params(const unsigned char *params, int got_initial_max_stream_data_uni = 0; int got_initial_max_streams_bidi = 0; int got_initial_max_streams_uni = 0; + int got_stateless_reset_token = 0; + int got_preferred_addr = 0; int got_ack_delay_exp = 0; int got_max_ack_delay = 0; int got_max_udp_payload_size = 0; @@ -1574,6 +1576,11 @@ static int ch_on_transport_params(const unsigned char *params, break; case QUIC_TPARAM_STATELESS_RESET_TOKEN: + if (got_stateless_reset_token) { + reason = TP_REASON_DUP("STATELESS_RESET_TOKEN"); + goto malformed; + } + /* * We must ensure a client doesn't send them because we don't have * processing for them. @@ -1595,12 +1602,17 @@ static int ch_on_transport_params(const unsigned char *params, goto malformed; } + got_stateless_reset_token = 1; break; case QUIC_TPARAM_PREFERRED_ADDR: { /* TODO(QUIC FUTURE): Handle preferred address. */ QUIC_PREFERRED_ADDR pfa; + if (got_preferred_addr) { + reason = TP_REASON_DUP("PREFERRED_ADDR"); + goto malformed; + } /* * RFC 9000 s. 18.2: "A server that chooses a zero-length @@ -1629,6 +1641,8 @@ static int ch_on_transport_params(const unsigned char *params, reason = "zero-length CID in PREFERRED_ADDR"; goto malformed; } + + got_preferred_addr = 1; } break; |