Fix zero-length CID

apache · Feb 3, 2020 · 99a19e8 · 99a19e8
1 parent 550adb3
commit 99a19e8
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 2 deletions.
diff --git a/iocore/net/quic/QUICPacket.cc b/iocore/net/quic/QUICPacket.cc
@@ -286,7 +286,7 @@ QUICPacketR::read_essential_info(Ptr<IOBufferBlock> block, QUICPacketType &type,
         if (length_offset + field_len >= static_cast<uint64_t>(len)) {
           return false;
         }
-        if (length_offset + field_len + packet_number_len >= static_cast<uint64_t>(len)) {
+        if (length_offset + field_len + packet_number_len > static_cast<uint64_t>(len)) {
           return false;
         }
         packet_number = QUICTypeUtil::read_QUICPacketNumber(tmp + length_offset + field_len, packet_number_len);

diff --git a/iocore/net/quic/QUICTypes.cc b/iocore/net/quic/QUICTypes.cc
@@ -577,7 +577,7 @@ QUICConnectionId
 QUICConnectionId::ZERO()
 {
   uint8_t zero[MAX_LENGTH] = {0};
-  return QUICConnectionId(zero, sizeof(zero));
+  return QUICConnectionId(zero, 0);
 }
 
 QUICConnectionId::QUICConnectionId()

diff --git a/iocore/net/quic/test/test_QUICPacket.cc b/iocore/net/quic/test/test_QUICPacket.cc
@@ -353,6 +353,33 @@ TEST_CASE("read_essential_info", "[quic]")
     CHECK(packet_number == 0x01234567);
   }
 
+  SECTION("Long header packet - INITIAL - 0 length CID")
+  {
+    uint8_t input[] = {
+      0xc2,                                           // Long header, Type: INITIAL
+      0xff, 0x00, 0x00, 0x19,                         // Version
+      0x08,                                           // DCID Len
+      0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, // Destination Connection ID
+      0x00,                                           // SCID Len
+      0x00,                                           // Token Length (i), Token (*)
+      0x42, 0x17,                                     // Length
+      0x00, 0x00, 0x00                                // Packet number
+    };
+
+    Ptr<IOBufferBlock> input_ibb = make_ptr<IOBufferBlock>(new_IOBufferBlock());
+    input_ibb->set_internal(static_cast<void *>(input), sizeof(input), BUFFER_SIZE_NOT_ALLOCATED);
+
+    QUICPacketType type;
+    QUICVersion version;
+    QUICConnectionId dcid;
+    QUICConnectionId scid;
+    QUICPacketNumber packet_number;
+    QUICKeyPhase key_phase;
+    bool result = QUICPacketR::read_essential_info(input_ibb, type, version, dcid, scid, packet_number, 0, key_phase);
+
+    REQUIRE(result);
+  }
+
   SECTION("Long header packet - RETRY")
   {
     uint8_t input[] = {