[trafficserver] branch quic-latest updated: Close connection if transport parameters are invalid

Sun, 10 Dec 2017 16:15:06 -0800 

This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/quic-latest by this push:
     new ee1e415  Close connection if transport parameters are invalid
ee1e415 is described below

commit ee1e415b4a3599381b8532cdeff1169edd6f159a
Author: Masakazu Kitajo <mas...@apache.org>
AuthorDate: Mon Dec 11 09:14:12 2017 +0900

    Close connection if transport parameters are invalid
---
 iocore/net/quic/QUICHandshake.cc | 36 +++++++++++++++++++++++++-----------
 iocore/net/quic/QUICHandshake.h  |  2 ++
 2 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/iocore/net/quic/QUICHandshake.cc b/iocore/net/quic/QUICHandshake.cc
index 32f727f..00dd25f 100644
--- a/iocore/net/quic/QUICHandshake.cc
+++ b/iocore/net/quic/QUICHandshake.cc
@@ -162,6 +162,13 @@ QUICHandshake::negotiated_application_name(const uint8_t 
**name, unsigned int *l
 void
 
QUICHandshake::set_transport_parameters(std::shared_ptr<QUICTransportParameters>
 tp)
 {
+  // An endpoint MUST treat receipt of duplicate transport parameters as a 
connection error of type TRANSPORT_PARAMETER_ERROR.
+  if (!tp->is_valid()) {
+    QUICHSDebug("Transport parameter is not valid");
+    this->_abort_handshake(QUICTransErrorCode::TRANSPORT_PARAMETER_ERROR);
+    return;
+  }
+
   this->_remote_transport_parameters = std::move(tp);
 
   const QUICTransportParametersInClientHello *tp_in_ch =
@@ -169,9 +176,8 @@ 
QUICHandshake::set_transport_parameters(std::shared_ptr<QUICTransportParameters>
   if (tp_in_ch) {
     // Version revalidation
     if (this->_version_negotiator->revalidate(tp_in_ch) != 
QUICVersionNegotiationStatus::REVALIDATED) {
-      this->_client_qc->close(QUICConnectionErrorUPtr(new 
QUICConnectionError(QUICTransErrorCode::VERSION_NEGOTIATION_ERROR)));
-      QUICHSDebug("Enter state_closed");
-      SET_HANDLER(&QUICHandshake::state_closed);
+      QUICHSDebug("Version revalidation failed");
+      this->_abort_handshake(QUICTransErrorCode::VERSION_NEGOTIATION_ERROR);
       return;
     }
     QUICHSDebug("Version negotiation revalidated: %x", 
tp_in_ch->negotiated_version());
@@ -214,13 +220,13 @@ QUICHandshake::state_read_client_hello(int event, Event 
*data)
   }
 
   if (error->cls != QUICErrorClass::NONE) {
+    QUICTransErrorCode code;
     if (dynamic_cast<QUICConnectionError *>(error.get()) != nullptr) {
-      
this->_client_qc->close(QUICConnectionErrorUPtr(static_cast<QUICConnectionError 
*>(error.release())));
+      code = error->trans_error_code;
     } else {
-      this->_client_qc->close(QUICConnectionErrorUPtr(new 
QUICConnectionError(QUICTransErrorCode::PROTOCOL_VIOLATION)));
+      code = QUICTransErrorCode::PROTOCOL_VIOLATION;
     }
-    QUICHSDebug("Enter state_closed");
-    SET_HANDLER(&QUICHandshake::state_closed);
+    this->_abort_handshake(code);
   }
 
   return EVENT_CONT;
@@ -242,13 +248,13 @@ QUICHandshake::state_read_client_finished(int event, 
Event *data)
   }
 
   if (error->cls != QUICErrorClass::NONE) {
+    QUICTransErrorCode code;
     if (dynamic_cast<QUICConnectionError *>(error.get()) != nullptr) {
-      
this->_client_qc->close(QUICConnectionErrorUPtr(static_cast<QUICConnectionError 
*>(error.release())));
+      code = error->trans_error_code;
     } else {
-      this->_client_qc->close(QUICConnectionErrorUPtr(new 
QUICConnectionError(QUICTransErrorCode::PROTOCOL_VIOLATION)));
+      code = QUICTransErrorCode::PROTOCOL_VIOLATION;
     }
-    QUICHSDebug("Enter state_closed");
-    SET_HANDLER(&QUICHandshake::state_closed);
+    this->_abort_handshake(code);
   }
 
   return EVENT_CONT;
@@ -395,3 +401,11 @@ QUICHandshake::_process_handshake_complete()
 
   return QUICErrorUPtr(new QUICNoError());
 }
+
+void
+QUICHandshake::_abort_handshake(QUICTransErrorCode code)
+{
+  this->_client_qc->close(QUICConnectionErrorUPtr(new 
QUICConnectionError(code)));
+  QUICHSDebug("Enter state_closed");
+  SET_HANDLER(&QUICHandshake::state_closed);
+}
diff --git a/iocore/net/quic/QUICHandshake.h b/iocore/net/quic/QUICHandshake.h
index d74344f..c7c2212 100644
--- a/iocore/net/quic/QUICHandshake.h
+++ b/iocore/net/quic/QUICHandshake.h
@@ -88,5 +88,7 @@ private:
   QUICErrorUPtr _process_client_finished();
   QUICErrorUPtr _process_handshake_complete();
 
+  void _abort_handshake(QUICTransErrorCode code);
+
   QUICStatelessToken _token;
 };

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].

Reply via email to