In QuicCryptoServerConfig::ParseConfigProtobuf, treat an empty SCID as the same as a missing one. i.e. return nullptr.
Protected by FLAGS_quic_restart_flag_quic_return_error_on_empty_scid.
PiperOrigin-RevId: 479604874
diff --git a/quiche/quic/core/crypto/quic_crypto_server_config.cc b/quiche/quic/core/crypto/quic_crypto_server_config.cc
index 7a651bf..e2ee0eb 100644
--- a/quiche/quic/core/crypto/quic_crypto_server_config.cc
+++ b/quiche/quic/core/crypto/quic_crypto_server_config.cc
@@ -1610,6 +1610,11 @@
QUIC_LOG(WARNING) << "Server config message is missing SCID";
return nullptr;
}
+ if (GetQuicRestartFlag(quic_return_error_on_empty_scid) && scid.empty()) {
+ QUIC_RESTART_FLAG_COUNT(quic_return_error_on_empty_scid);
+ QUIC_LOG(WARNING) << "Server config message contains an empty SCID";
+ return nullptr;
+ }
QUICHE_DCHECK(!scid.empty());
config->id = std::string(scid);
diff --git a/quiche/quic/core/quic_flags_list.h b/quiche/quic/core/quic_flags_list.h
index c6ea94e..2cdef18 100644
--- a/quiche/quic/core/quic_flags_list.h
+++ b/quiche/quic/core/quic_flags_list.h
@@ -25,6 +25,8 @@
QUIC_FLAG(quic_reloadable_flag_quic_enable_mtu_discovery_at_server, false)
// If true, QuicConnectionContext will track the decrypted payload and the offset of the current frame, for debugging.
QUIC_FLAG(quic_reloadable_flag_quic_add_process_packet_context, true)
+// If true, QuicCryptoServerConfig::ParseConfigProtobuf will treat an empty SCID as the same as non-existent.
+QUIC_FLAG(quic_restart_flag_quic_return_error_on_empty_scid, false)
// If true, QuicGsoBatchWriter will support release time if it is available and the process has the permission to do so.
QUIC_FLAG(quic_restart_flag_quic_support_release_time_for_gso, false)
// If true, ack frequency frame can be sent from server to client.