In QuicCryptoServerConfig::ParseConfigProtobuf, treat an empty SCID as the same as a missing one. i.e. return nullptr.

Protected by FLAGS_quic_restart_flag_quic_return_error_on_empty_scid.

PiperOrigin-RevId: 479604874

quiche/quic/core/crypto/quic_crypto_server_config.cc

diff --git a/quiche/quic/core/crypto/quic_crypto_server_config.cc b/quiche/quic/core/crypto/quic_crypto_server_config.cc
index 7a651bf..e2ee0eb 100644
--- a/quiche/quic/core/crypto/quic_crypto_server_config.cc
+++ b/quiche/quic/core/crypto/quic_crypto_server_config.cc
@@ -1610,6 +1610,11 @@
     QUIC_LOG(WARNING) << "Server config message is missing SCID";
     return nullptr;
   }
+  if (GetQuicRestartFlag(quic_return_error_on_empty_scid) && scid.empty()) {
+    QUIC_RESTART_FLAG_COUNT(quic_return_error_on_empty_scid);
+    QUIC_LOG(WARNING) << "Server config message contains an empty SCID";
+    return nullptr;
+  }
   QUICHE_DCHECK(!scid.empty());
   config->id = std::string(scid);
 

quiche/quic/core/quic_flags_list.h

diff --git a/quiche/quic/core/quic_flags_list.h b/quiche/quic/core/quic_flags_list.h
index c6ea94e..2cdef18 100644
--- a/quiche/quic/core/quic_flags_list.h
+++ b/quiche/quic/core/quic_flags_list.h
@@ -25,6 +25,8 @@
 QUIC_FLAG(quic_reloadable_flag_quic_enable_mtu_discovery_at_server, false)
 // If true, QuicConnectionContext will track the decrypted payload and the offset of the current frame, for debugging.
 QUIC_FLAG(quic_reloadable_flag_quic_add_process_packet_context, true)
+// If true, QuicCryptoServerConfig::ParseConfigProtobuf will treat an empty SCID as the same as non-existent.
+QUIC_FLAG(quic_restart_flag_quic_return_error_on_empty_scid, false)
 // If true, QuicGsoBatchWriter will support release time if it is available and the process has the permission to do so.
 QUIC_FLAG(quic_restart_flag_quic_support_release_time_for_gso, false)
 // If true, ack frequency frame can be sent from server to client.