Google Git
Sign in
quiche / quiche / 072da7cf7c5fccf1a3a058c59d8d44e6638ac1c7^! / . / quic / core / quic_framer_test.cc
commit072da7cf7c5fccf1a3a058c59d8d44e6638ac1c7[log] [tgz]
authordschinazi <dschinazi@google.com>Tue May 07 17:57:42 2019 -0700
committerCopybara-Service <copybara-worker@google.com>Tue May 07 21:03:30 2019 -0700
tree99cd53afd03472493ac0afa628c87dd2b90112a6
parentc2fba1112782fca82c93d3d9b1f8cd9cfe013b7f [diff] [blame]
Make server drop IETF QUIC Version Negotiation packets

It is invalid for a client to send a Version Negotiation packet. Servers should drop them instead of trying to parse them as a packet for unsupported version 0.

gfe-relnote: drop version negotiation, protected by gfe2_restart_flag_quic_server_drop_version_negotiation
PiperOrigin-RevId: 247126958
Change-Id: Ia7272de96fa750ec5b4743b6596fc70c8ce5d128

diff --git a/quic/core/quic_framer_test.cc b/quic/core/quic_framer_test.cc
index ddf8076..3082a94 100644
--- a/quic/core/quic_framer_test.cc
+++ b/quic/core/quic_framer_test.cc

@@ -5398,7 +5398,7 @@
   ASSERT_FALSE(visitor_.stateless_reset_packet_);
 }
 
-TEST_P(QuicFramerTest, VersionNegotiationPacket) {
+TEST_P(QuicFramerTest, VersionNegotiationPacketClient) {
   // clang-format off
   PacketFragments packet = {
       // public flags (version, 8 byte connection_id)
@@ -5453,6 +5453,39 @@
   CheckFramingBoundaries(fragments, QUIC_INVALID_VERSION_NEGOTIATION_PACKET);
 }
 
+TEST_P(QuicFramerTest, VersionNegotiationPacketServer) {
+  if (!GetQuicRestartFlag(quic_server_drop_version_negotiation)) {
+    return;
+  }
+  if (framer_.transport_version() < QUIC_VERSION_44) {
+    return;
+  }
+
+  QuicFramerPeer::SetPerspective(&framer_, Perspective::IS_SERVER);
+  // clang-format off
+  unsigned char packet[] = {
+      // public flags (long header with all ignored bits set)
+      0xFF,
+      // version
+      0x00, 0x00, 0x00, 0x00,
+      // connection ID lengths
+      0x50,
+      // destination connection ID
+      0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x11,
+      // supported versions
+      QUIC_VERSION_BYTES,
+      'Q', '2', '.', '0',
+  };
+  // clang-format on
+
+  QuicEncryptedPacket encrypted(AsChars(packet), QUIC_ARRAYSIZE(packet), false);
+  EXPECT_FALSE(framer_.ProcessPacket(encrypted));
+  EXPECT_EQ(QUIC_INVALID_VERSION_NEGOTIATION_PACKET, framer_.error());
+  EXPECT_EQ("Server received version negotiation packet.",
+            framer_.detailed_error());
+  EXPECT_FALSE(visitor_.version_negotiation_packet_.get());
+}
+
 TEST_P(QuicFramerTest, OldVersionNegotiationPacket) {
   // clang-format off
   PacketFragments packet = {
@@ -13323,7 +13356,7 @@
 
   // clang-format off
   PacketFragments packet = {
-    // public flags (long header with version present)
+    // public flags (Google QUIC header with version present)
     {"Unable to read public flags.",
      {0x09}},
     // connection_id