don't send stateless resets for small packets

This prevents amplification and looping.

packet_handler_map.go

@@ -245,6 +245,11 @@ func (h *packetHandlerMap) GetStatelessResetToken(connID protocol.ConnectionID)
 
 func (h *packetHandlerMap) maybeSendStatelessReset(p *receivedPacket, connID protocol.ConnectionID) {
 	defer p.buffer.Release()
+	// Don't send a stateless reset in response to very small packets.
+	// This includes packets that could be stateless resets.
+	if len(p.data) <= protocol.MinStatelessResetSize {
+		return
+	}
 	token := h.GetStatelessResetToken(connID)
 	h.logger.Debugf("Sending stateless reset to %s (connection ID: %s). Token: %#x", p.remoteAddr, connID, token)
 	data := make([]byte, 23)

packet_handler_map_test.go

@@ -229,6 +229,13 @@ var _ = Describe("Packet Handler Map", func() {
 			Expect(reset.data[0] & 0x80).To(BeZero()) // short header packet
 			Expect(reset.data).To(HaveLen(protocol.MinStatelessResetSize))
 		})
+
+		It("doesn't send stateless resets for small packets", func() {
+			addr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1), Port: 1337}
+			p := append([]byte{40}, make([]byte, protocol.MinStatelessResetSize-2)...)
+			handler.handlePacket(addr, getPacketBuffer(), p)
+			Consistently(conn.dataWritten).ShouldNot(Receive())
+		})
 	})
 
 	Context("running a server", func() {