Add connection ID length checks
These changes only impact behavior for versions that support variable length connection IDs, and all of those versions are disabled by flags, so we don't need extra flag protection.
gfe-relnote: add connection ID length checks, protected by disabled quic_enable_v47 flag
PiperOrigin-RevId: 261237221
Change-Id: I89e7bec58644b7ec18e3c7ce3ecbd6d93c9c0fc3
diff --git a/quic/core/quic_dispatcher.cc b/quic/core/quic_dispatcher.cc
index 7522703..1782e4a 100644
--- a/quic/core/quic_dispatcher.cc
+++ b/quic/core/quic_dispatcher.cc
@@ -263,6 +263,26 @@
QUIC_DLOG(ERROR) << "Invalid Connection Id Length";
return;
}
+
+ if (packet_info.version_flag && IsSupportedVersion(packet_info.version)) {
+ if (!QuicUtils::IsConnectionIdValidForVersion(
+ packet_info.destination_connection_id,
+ packet_info.version.transport_version)) {
+ SetLastError(QUIC_INVALID_PACKET_HEADER);
+ QUIC_DLOG(ERROR)
+ << "Invalid destination connection ID length for version";
+ return;
+ }
+ if (packet_info.version.SupportsClientConnectionIds() &&
+ !QuicUtils::IsConnectionIdValidForVersion(
+ packet_info.source_connection_id,
+ packet_info.version.transport_version)) {
+ SetLastError(QUIC_INVALID_PACKET_HEADER);
+ QUIC_DLOG(ERROR) << "Invalid source connection ID length for version";
+ return;
+ }
+ }
+
if (should_update_expected_server_connection_id_length_) {
expected_server_connection_id_length_ =
packet_info.destination_connection_id.length();
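Review bot: Both new early returns drop the packet with nothing but a `QUIC_DLOG(ERROR)`, which is normally compiled out of non-debug builds, so a stream of packets with invalid connection ID lengths would leave no signal in production. Consider a counter next to each `return`, for example `QUIC_CODE_COUNT(quic_dispatcher_invalid_dcid_length_for_version);` (the counter name is only a suggestion), so that malformed-header traffic can be monitored and alerted on. The source connection ID is validated only when `SupportsClientConnectionIds()` is true, and the whole block is skipped when `version_flag` is unset. A short comment such as `// Lengths for other versions are presumably enforced by the header parser` would record why that is safe, once confirmed. The enclosing function starts and ends outside this hunk, so the earlier length check and the later use of `destination_connection_id` could not be reviewed in full.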