http3: enforce that DATA frames don't exceed Content-Length (#3980)

2025-04-03 20:27:35 +03:00 · 2023-07-20 09:47:01 -07:00 · 2023-07-20 09:47:01 -07:00 · 5a22ac8970
commit 5a22ac8970
parent 56cd866840
4 changed files with 124 additions and 6 deletions
--- a/http3/http_stream.go
+++ b/http3/http_stream.go
@ -1,9 +1,11 @@
 package http3

 import (
+	"errors"
 	"fmt"

 	"github.com/quic-go/quic-go"
+	"github.com/quic-go/quic-go/internal/utils"
 )

 // A Stream is a HTTP/3 stream.
@ -66,6 +68,10 @@ func (s *stream) Read(b []byte) (int, error) {
 	return n, err
 }

+func (s *stream) hasMoreData() bool {
+	return s.bytesRemainingInFrame > 0
+}
+
 func (s *stream) Write(b []byte) (int, error) {
 	s.buf = s.buf[:0]
 	s.buf = (&dataFrame{Length: uint64(len(b))}).Append(s.buf)
@ -74,3 +80,45 @@ func (s *stream) Write(b []byte) (int, error) {
 	}
 	return s.Stream.Write(b)
 }
+
+var errTooMuchData = errors.New("peer sent too much data")
+
+type lengthLimitedStream struct {
+	*stream
+	contentLength int64
+	read          int64
+	resetStream   bool
+}
+
+var _ Stream = &lengthLimitedStream{}
+
+func newLengthLimitedStream(str *stream, contentLength int64) *lengthLimitedStream {
+	return &lengthLimitedStream{
+		stream:        str,
+		contentLength: contentLength,
+	}
+}
+
+func (s *lengthLimitedStream) checkContentLengthViolation() error {
+	if s.read > s.contentLength || s.read == s.contentLength && s.hasMoreData() {
+		if !s.resetStream {
+			s.CancelRead(quic.StreamErrorCode(ErrCodeMessageError))
+			s.CancelWrite(quic.StreamErrorCode(ErrCodeMessageError))
+			s.resetStream = true
+		}
+		return errTooMuchData
+	}
+	return nil
+}
+
+func (s *lengthLimitedStream) Read(b []byte) (int, error) {
+	if err := s.checkContentLengthViolation(); err != nil {
+		return 0, err
+	}
+	n, err := s.stream.Read(b[:utils.Min(int64(len(b)), s.contentLength-s.read)])
+	s.read += int64(n)
+	if err := s.checkContentLengthViolation(); err != nil {
+		return n, err
+	}
+	return n, err
+}