commit ecad9644724746dd525dcf42e5736ea749b56ee4
author dschinazi <dschinazi@google.com> Tue Oct 01 10:44:17 2019 -0700
committer Copybara-Service <copybara-worker@google.com> Tue Oct 01 12:57:56 2019 -0700
tree bb3e2f1f052677117efa78717c687dfed5bbffc7
parent 20a9ad92587e07e29a2e1c3563365bc6dbcce03c

Prevent fuzzer from sending unsupported RETRY packets

This CL also adds some DCHECKs and QUIC_BUGs that helped debug this, and a trivial refactor in test code.

gfe-relnote: adds QUIC_BUG in send path, not flag protected
PiperOrigin-RevId: 272244952
Change-Id: Icb77bbb2e498ef02ddc13a839834ddf9d8ed7632

quic/core/quic_framer.cc

diff --git a/quic/core/quic_framer.cc b/quic/core/quic_framer.cc
index a6a663b..0d09199 100644
--- a/quic/core/quic_framer.cc
+++ b/quic/core/quic_framer.cc
@@ -863,6 +863,10 @@
                                    char* buffer,
                                    size_t packet_length,
                                    EncryptionLevel level) {
+  QUIC_BUG_IF(header.version_flag &&
+              VersionHasIetfInvariantHeader(transport_version()) &&
+              header.long_packet_type == RETRY && !frames.empty())
+      << "IETF RETRY packets cannot contain frames " << header;
   QuicDataWriter writer(packet_length, buffer);
   size_t length_field_offset = 0;
   if (!AppendPacketHeader(header, &writer, &length_field_offset)) {
@@ -2160,6 +2164,11 @@
   }
 
   if (header.version_flag) {
+    DCHECK_NE(VERSION_NEGOTIATION, header.long_packet_type)
+        << "QuicFramer::AppendIetfPacketHeader does not support sending "
+           "version negotiation packets, use "
+           "QuicFramer::BuildVersionNegotiationPacket instead "
+        << header;
     // Append version for long header.
     QuicVersionLabel version_label = CreateQuicVersionLabel(version_);
     if (!writer->WriteUInt32(version_label)) {
@@ -2186,6 +2195,10 @@
         GetClientConnectionIdAsSender(header, perspective_);
   }
 
+  // TODO(b/141924462) Remove this QUIC_BUG once we do support sending RETRY.
+  QUIC_BUG_IF(header.version_flag && header.long_packet_type == RETRY)
+      << "Sending IETF RETRY packets is not currently supported " << header;
+
   if (QuicVersionHasLongHeaderLengths(transport_version()) &&
       header.version_flag) {
     if (header.long_packet_type == INITIAL) {