diff options
author | Hugo Landau <hlandau@openssl.org> | 2023-04-18 19:30:55 +0100 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2023-05-12 14:47:12 +0100 |
commit | 90cecc406f58b229ffa9c8e8473eaa6924c4a5d5 (patch) | |
tree | c02a56da8c5bccb7b033be06e55ec825773ed6ca /ssl/quic/quic_rx_depack.c | |
parent | a6b6ea17376572e3c0227b98f21dedc48215aa9a (diff) | |
download | openssl-new-90cecc406f58b229ffa9c8e8473eaa6924c4a5d5.tar.gz |
QUIC RXDP/QSM: Enforce MAX_STREAMS
Also use accept queue popping by the application as the retirement
event, i.e., as the cue to increase the limit.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Diffstat (limited to 'ssl/quic/quic_rx_depack.c')
-rw-r--r-- | ssl/quic/quic_rx_depack.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c index c49a13fe89..a81f47d6d9 100644 --- a/ssl/quic/quic_rx_depack.c +++ b/ssl/quic/quic_rx_depack.c @@ -256,6 +256,7 @@ static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch, if (stream == NULL) { uint64_t peer_role, stream_ordinal; uint64_t *p_next_ordinal_local, *p_next_ordinal_remote; + QUIC_RXFC *max_streams_fc; int is_uni; /* @@ -299,6 +300,32 @@ static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch, ? &ch->next_remote_stream_ordinal_uni : &ch->next_remote_stream_ordinal_bidi; + /* Check this isn't violating stream count flow control. */ + max_streams_fc = is_uni + ? &ch->max_streams_uni_rxfc + : &ch->max_streams_bidi_rxfc; + + if (!ossl_quic_rxfc_on_rx_stream_frame(max_streams_fc, + stream_ordinal + 1, + /*is_fin=*/0)) { + ossl_quic_channel_raise_protocol_error(ch, + QUIC_ERR_INTERNAL_ERROR, + frame_type, + "internal error (stream count RXFC)"); + return 0; + } + + if (ossl_quic_rxfc_get_error(max_streams_fc, 0) != QUIC_ERR_NO_ERROR) { + ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_STREAM_LIMIT_ERROR, + frame_type, + "exceeded maximum allowed streams"); + return 0; + } + + /* + * Create the named stream and any streams coming before it yet to + * be created. + */ while (*p_next_ordinal_remote <= stream_ordinal) { uint64_t stream_id = (*p_next_ordinal_remote << 2) | (frame_data.stream_id |