limit Config.MaxIncoming{Uni}Streams to 2^60

This commit is contained in:
Marten Seemann 2020-08-11 10:44:24 +07:00
parent ce24f7e46f
commit 69df425318
5 changed files with 44 additions and 1 deletions

View file

@ -164,6 +164,9 @@ func dialContext(
if tlsConf == nil { if tlsConf == nil {
return nil, errors.New("quic: tls.Config not set") return nil, errors.New("quic: tls.Config not set")
} }
if err := validateConfig(config); err != nil {
return nil, err
}
config = populateClientConfig(config, createdPacketConn) config = populateClientConfig(config, createdPacketConn)
packetHandlers, err := getMultiplexer().AddConn(pconn, config.ConnectionIDLength, config.StatelessResetKey, config.Tracer) packetHandlers, err := getMultiplexer().AddConn(pconn, config.ConnectionIDLength, config.StatelessResetKey, config.Tracer)
if err != nil { if err != nil {

View file

@ -1,6 +1,10 @@
package quic package quic
import "github.com/lucas-clemente/quic-go/internal/protocol" import (
"errors"
"github.com/lucas-clemente/quic-go/internal/protocol"
)
// Clone clones a Config // Clone clones a Config
func (c *Config) Clone() *Config { func (c *Config) Clone() *Config {
@ -8,6 +12,19 @@ func (c *Config) Clone() *Config {
return &copy return &copy
} }
func validateConfig(config *Config) error {
if config == nil {
return nil
}
if config.MaxIncomingStreams > 1<<60 {
return errors.New("invalid value for Config.MaxIncomingStreams")
}
if config.MaxIncomingUniStreams > 1<<60 {
return errors.New("invalid value for Config.MaxIncomingUniStreams")
}
return nil
}
// populateServerConfig populates fields in the quic.Config with their default values, if none are set // populateServerConfig populates fields in the quic.Config with their default values, if none are set
// it may be called with nil // it may be called with nil
func populateServerConfig(config *Config) *Config { func populateServerConfig(config *Config) *Config {

View file

@ -15,6 +15,24 @@ import (
) )
var _ = Describe("Config", func() { var _ = Describe("Config", func() {
Context("validating", func() {
It("validates a nil config", func() {
Expect(validateConfig(nil)).To(Succeed())
})
It("validates a config with normal values", func() {
Expect(validateConfig(populateServerConfig(&Config{}))).To(Succeed())
})
It("errors on too large values for MaxIncomingStreams", func() {
Expect(validateConfig(&Config{MaxIncomingStreams: 1<<60 + 1})).To(MatchError("invalid value for Config.MaxIncomingStreams"))
})
It("errors on too large values for MaxIncomingUniStreams", func() {
Expect(validateConfig(&Config{MaxIncomingUniStreams: 1<<60 + 1})).To(MatchError("invalid value for Config.MaxIncomingUniStreams"))
})
})
configWithNonZeroNonFunctionFields := func() *Config { configWithNonZeroNonFunctionFields := func() *Config {
c := &Config{} c := &Config{}
v := reflect.ValueOf(c).Elem() v := reflect.ValueOf(c).Elem()

View file

@ -242,10 +242,12 @@ type Config struct {
// If this value is zero, it will default to 1.5 MB for the server and 15 MB for the client. // If this value is zero, it will default to 1.5 MB for the server and 15 MB for the client.
MaxReceiveConnectionFlowControlWindow uint64 MaxReceiveConnectionFlowControlWindow uint64
// MaxIncomingStreams is the maximum number of concurrent bidirectional streams that a peer is allowed to open. // MaxIncomingStreams is the maximum number of concurrent bidirectional streams that a peer is allowed to open.
// Values above 2^60 are invalid.
// If not set, it will default to 100. // If not set, it will default to 100.
// If set to a negative value, it doesn't allow any bidirectional streams. // If set to a negative value, it doesn't allow any bidirectional streams.
MaxIncomingStreams int64 MaxIncomingStreams int64
// MaxIncomingUniStreams is the maximum number of concurrent unidirectional streams that a peer is allowed to open. // MaxIncomingUniStreams is the maximum number of concurrent unidirectional streams that a peer is allowed to open.
// Values above 2^60 are invalid.
// If not set, it will default to 100. // If not set, it will default to 100.
// If set to a negative value, it doesn't allow any unidirectional streams. // If set to a negative value, it doesn't allow any unidirectional streams.
MaxIncomingUniStreams int64 MaxIncomingUniStreams int64

View file

@ -171,6 +171,9 @@ func listen(conn net.PacketConn, tlsConf *tls.Config, config *Config, acceptEarl
if tlsConf == nil { if tlsConf == nil {
return nil, errors.New("quic: tls.Config not set") return nil, errors.New("quic: tls.Config not set")
} }
if err := validateConfig(config); err != nil {
return nil, err
}
config = populateServerConfig(config) config = populateServerConfig(config)
for _, v := range config.Versions { for _, v := range config.Versions {
if !protocol.IsValidVersion(v) { if !protocol.IsValidVersion(v) {