sync: quic-go 0.42.0

Signed-off-by: Gaukas Wang <i@gaukas.wang>
2025-04-03 04:07:35 +03:00 · 2024-04-23 22:34:55 -06:00 · 2024-04-23 22:34:55 -06:00 · 4973374ea5
commit 4973374ea5
parent d40dde9b9b
252 changed files with 13121 additions and 5437 deletions
--- a/fuzzing/frames/fuzz.go
+++ b/fuzzing/frames/fuzz.go
@ -56,22 +56,23 @@ func Fuzz(data []byte) int {
 				continue
 			}
 		}
+		validateFrame(f)

 		startLen := len(b)
 		parsedLen := initialLen - len(data)
 		b, err = f.Append(b, version)
 		if err != nil {
-			panic(fmt.Sprintf("Error writing frame %#v: %s", f, err))
+			panic(fmt.Sprintf("error writing frame %#v: %s", f, err))
 		}
 		frameLen := protocol.ByteCount(len(b) - startLen)
 		if f.Length(version) != frameLen {
-			panic(fmt.Sprintf("Inconsistent frame length for %#v: expected %d, got %d", f, frameLen, f.Length(version)))
+			panic(fmt.Sprintf("inconsistent frame length for %#v: expected %d, got %d", f, frameLen, f.Length(version)))
 		}
 		if sf, ok := f.(*wire.StreamFrame); ok {
 			sf.PutBack()
 		}
 		if frameLen > protocol.ByteCount(parsedLen) {
-			panic(fmt.Sprintf("Serialized length (%d) is longer than parsed length (%d)", len(b), parsedLen))
+			panic(fmt.Sprintf("serialized length (%d) is longer than parsed length (%d)", len(b), parsedLen))
 		}
 	}

@ -80,3 +81,52 @@ func Fuzz(data []byte) int {
 	}
 	return 1
 }
+
+func validateFrame(frame wire.Frame) {
+	switch f := frame.(type) {
+	case *wire.StreamFrame:
+		if protocol.ByteCount(len(f.Data)) != f.DataLen() {
+			panic("STREAM frame: inconsistent data length")
+		}
+	case *wire.AckFrame:
+		if f.DelayTime < 0 {
+			panic(fmt.Sprintf("invalid ACK delay_time: %s", f.DelayTime))
+		}
+		if f.LargestAcked() < f.LowestAcked() {
+			panic("ACK: largest acknowledged is smaller than lowest acknowledged")
+		}
+		for _, r := range f.AckRanges {
+			if r.Largest < 0 || r.Smallest < 0 {
+				panic("ACK range contains a negative packet number")
+			}
+		}
+		if !f.AcksPacket(f.LargestAcked()) {
+			panic("ACK frame claims that largest acknowledged is not acknowledged")
+		}
+		if !f.AcksPacket(f.LowestAcked()) {
+			panic("ACK frame claims that lowest acknowledged is not acknowledged")
+		}
+		_ = f.AcksPacket(100)
+		_ = f.AcksPacket((f.LargestAcked() + f.LowestAcked()) / 2)
+	case *wire.NewConnectionIDFrame:
+		if f.ConnectionID.Len() < 1 || f.ConnectionID.Len() > 20 {
+			panic(fmt.Sprintf("invalid NEW_CONNECTION_ID frame length: %s", f.ConnectionID))
+		}
+	case *wire.NewTokenFrame:
+		if len(f.Token) == 0 {
+			panic("NEW_TOKEN frame with an empty token")
+		}
+	case *wire.MaxStreamsFrame:
+		if f.MaxStreamNum > protocol.MaxStreamCount {
+			panic("MAX_STREAMS frame with an invalid Maximum Streams value")
+		}
+	case *wire.StreamsBlockedFrame:
+		if f.StreamLimit > protocol.MaxStreamCount {
+			panic("STREAMS_BLOCKED frame with an invalid Maximum Streams value")
+		}
+	case *wire.ConnectionCloseFrame:
+		if f.IsApplicationError && f.FrameType != 0 {
+			panic("CONNECTION_CLOSE for an application error containing a frame type")
+		}
+	}
+}
--- a/fuzzing/header/cmd/corpus.go
+++ b/fuzzing/header/cmd/corpus.go
@ -20,9 +20,9 @@ func getRandomData(l int) []byte {
 }

 func getVNP(src, dest protocol.ArbitraryLenConnectionID, numVersions int) []byte {
-	versions := make([]protocol.VersionNumber, numVersions)
+	versions := make([]protocol.Version, numVersions)
 	for i := 0; i < numVersions; i++ {
-		versions[i] = protocol.VersionNumber(rand.Uint32())
+		versions[i] = protocol.Version(rand.Uint32())
 	}
 	return wire.ComposeVersionNegotiation(src, dest, versions)
 }
--- a/fuzzing/transportparameters/cmd/corpus.go
+++ b/fuzzing/transportparameters/cmd/corpus.go
@ -3,7 +3,7 @@ package main
 import (
 	"log"
 	"math"
-	"net"
+	"net/netip"
 	"time"

 	"golang.org/x/exp/rand"
@ -59,11 +59,13 @@ func main() {
 		if rand.Int()%2 == 0 {
 			var token protocol.StatelessResetToken
 			rand.Read(token[:])
+			var ip4 [4]byte
+			rand.Read(ip4[:])
+			var ip6 [16]byte
+			rand.Read(ip6[:])
 			tp.PreferredAddress = &wire.PreferredAddress{
-				IPv4:                net.IPv4(uint8(rand.Int()), uint8(rand.Int()), uint8(rand.Int()), uint8(rand.Int())),
-				IPv4Port:            uint16(rand.Int()),
-				IPv6:                net.IP(getRandomData(16)),
-				IPv6Port:            uint16(rand.Int()),
+				IPv4:                netip.AddrPortFrom(netip.AddrFrom4(ip4), uint16(rand.Int())),
+				IPv6:                netip.AddrPortFrom(netip.AddrFrom16(ip6), uint16(rand.Int())),
 				ConnectionID:        protocol.ParseConnectionID(getRandomData(rand.Intn(21))),
 				StatelessResetToken: token,
 			}
--- a/fuzzing/transportparameters/fuzz.go
+++ b/fuzzing/transportparameters/fuzz.go
@ -2,6 +2,7 @@ package transportparameters

 import (
 	"bytes"
+	"errors"
 	"fmt"

 	"github.com/refraction-networking/uquic/fuzzing/internal/helper"
@ -26,23 +27,29 @@ func Fuzz(data []byte) int {
 	return fuzzTransportParameters(data[PrefixLen:], helper.NthBit(data[0], 1))
 }

-func fuzzTransportParameters(data []byte, isServer bool) int {
-	perspective := protocol.PerspectiveClient
-	if isServer {
-		perspective = protocol.PerspectiveServer
+func fuzzTransportParameters(data []byte, sentByServer bool) int {
+	sentBy := protocol.PerspectiveClient
+	if sentByServer {
+		sentBy = protocol.PerspectiveServer
 	}

 	tp := &wire.TransportParameters{}
-	if err := tp.Unmarshal(data, perspective); err != nil {
+	if err := tp.Unmarshal(data, sentBy); err != nil {
 		return 0
 	}
 	_ = tp.String()
+	if err := validateTransportParameters(tp, sentBy); err != nil {
+		panic(err)
+	}

 	tp2 := &wire.TransportParameters{}
-	if err := tp2.Unmarshal(tp.Marshal(perspective), perspective); err != nil {
+	if err := tp2.Unmarshal(tp.Marshal(sentBy), sentBy); err != nil {
 		fmt.Printf("%#v\n", tp)
 		panic(err)
 	}
+	if err := validateTransportParameters(tp2, sentBy); err != nil {
+		panic(err)
+	}
 	return 1
 }

@ -58,3 +65,34 @@ func fuzzTransportParametersForSessionTicket(data []byte) int {
 	}
 	return 1
 }
+
+func validateTransportParameters(tp *wire.TransportParameters, sentBy protocol.Perspective) error {
+	if sentBy == protocol.PerspectiveClient && tp.StatelessResetToken != nil {
+		return errors.New("client's transport parameters contained stateless reset token")
+	}
+	if tp.MaxIdleTimeout < 0 {
+		return fmt.Errorf("negative max_idle_timeout: %s", tp.MaxIdleTimeout)
+	}
+	if tp.AckDelayExponent > 20 {
+		return fmt.Errorf("invalid ack_delay_exponent: %d", tp.AckDelayExponent)
+	}
+	if tp.MaxUDPPayloadSize < 1200 {
+		return fmt.Errorf("invalid max_udp_payload_size: %d", tp.MaxUDPPayloadSize)
+	}
+	if tp.ActiveConnectionIDLimit < 2 {
+		return fmt.Errorf("invalid active_connection_id_limit: %d", tp.ActiveConnectionIDLimit)
+	}
+	if tp.OriginalDestinationConnectionID.Len() > 20 {
+		return fmt.Errorf("invalid original_destination_connection_id length: %s", tp.InitialSourceConnectionID)
+	}
+	if tp.InitialSourceConnectionID.Len() > 20 {
+		return fmt.Errorf("invalid initial_source_connection_id length: %s", tp.InitialSourceConnectionID)
+	}
+	if tp.RetrySourceConnectionID != nil && tp.RetrySourceConnectionID.Len() > 20 {
+		return fmt.Errorf("invalid retry_source_connection_id length: %s", tp.RetrySourceConnectionID)
+	}
+	if tp.PreferredAddress != nil && tp.PreferredAddress.ConnectionID.Len() > 20 {
+		return fmt.Errorf("invalid preferred_address connection ID length: %s", tp.PreferredAddress.ConnectionID)
+	}
+	return nil
+}