wire: reject NEW_CONNECTION_ID frames with zero-length conneciton IDs (#4180)

2025-04-03 20:27:35 +03:00 · 2023-11-23 17:41:12 +07:00 · 2023-11-23 17:41:12 +07:00 · 2d7ea37672
commit 2d7ea37672
parent 771d136fa9
2 changed files with 13 additions and 1 deletions
--- a/internal/wire/new_connection_id_frame.go
+++ b/internal/wire/new_connection_id_frame.go
@ -2,6 +2,7 @@ package wire

 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"io"

@ -34,6 +35,9 @@ func parseNewConnectionIDFrame(r *bytes.Reader, _ protocol.VersionNumber) (*NewC
 	if err != nil {
 		return nil, err
 	}
+	if connIDLen == 0 {
+		return nil, errors.New("invalid zero-length connection ID")
+	}
 	connID, err := protocol.ReadConnectionID(r, int(connIDLen))
 	if err != nil {
 		return nil, err
--- a/internal/wire/new_connection_id_frame_test.go
+++ b/internal/wire/new_connection_id_frame_test.go
@ -38,7 +38,15 @@ var _ = Describe("NEW_CONNECTION_ID frame", func() {
 			Expect(err).To(MatchError("Retire Prior To value (1001) larger than Sequence Number (1000)"))
 		})

-		It("errors when the connection ID has an invalid length", func() {
+		It("errors when the connection ID has a zero-length connection ID", func() {
+			data := encodeVarInt(42)                 // sequence number
+			data = append(data, encodeVarInt(12)...) // retire prior to
+			data = append(data, 0)                   // connection ID length
+			_, err := parseNewConnectionIDFrame(bytes.NewReader(data), protocol.Version1)
+			Expect(err).To(MatchError("invalid zero-length connection ID"))
+		})
+
+		It("errors when the connection ID has an invalid length (too long)", func() {
 			data := encodeVarInt(0xdeadbeef)                                                                          // sequence number
 			data = append(data, encodeVarInt(0xcafe)...)                                                              // retire prior to
 			data = append(data, 21)                                                                                   // connection ID length