From c5f7096f00bb81b11d98874b508c5cc0e422bf73 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Sun, 3 Mar 2024 17:58:24 +1030 Subject: [PATCH] http3: reject duplicate control streams opened by the server (#4342) --- http3/client.go | 7 +++++++ http3/client_test.go | 32 +++++++++++++++++++++++++++++++- 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/http3/client.go b/http3/client.go index 61c153c1..1f981509 100644 --- a/http3/client.go +++ b/http3/client.go @@ -183,6 +183,8 @@ func (c *client) handleBidirectionalStreams(conn quic.EarlyConnection) { } func (c *client) handleUnidirectionalStreams(conn quic.EarlyConnection) { + var rcvdControlStream atomic.Bool + for { str, err := conn.AcceptUniStream(context.Background()) if err != nil { @@ -217,6 +219,11 @@ func (c *client) handleUnidirectionalStreams(conn quic.EarlyConnection) { str.CancelRead(quic.StreamErrorCode(ErrCodeStreamCreationError)) return } + // Only a single control stream is allowed. + if isFirstControlStr := rcvdControlStream.CompareAndSwap(false, true); !isFirstControlStr { + conn.CloseWithError(quic.ApplicationErrorCode(ErrCodeStreamCreationError), "duplicate control stream") + return + } f, err := parseNextFrame(str, nil) if err != nil { conn.CloseWithError(quic.ApplicationErrorCode(ErrCodeFrameError), "") diff --git a/http3/client_test.go b/http3/client_test.go index ed40c4d1..cb63bf34 100644 --- a/http3/client_test.go +++ b/http3/client_test.go @@ -15,6 +15,7 @@ import ( "github.com/quic-go/quic-go" mockquic "github.com/quic-go/quic-go/internal/mocks/quic" "github.com/quic-go/quic-go/internal/protocol" + "github.com/quic-go/quic-go/internal/qerr" "github.com/quic-go/quic-go/internal/utils" "github.com/quic-go/quic-go/quicvarint" @@ -442,7 +443,7 @@ var _ = Describe("Client", func() { conn *mockquic.MockEarlyConnection settingsFrameWritten chan struct{} ) - testDone := make(chan struct{}) + testDone := make(chan struct{}, 1) BeforeEach(func() { settingsFrameWritten = make(chan struct{}) @@ -487,6 +488,35 @@ var _ = Describe("Client", func() { time.Sleep(scaleDuration(20 * time.Millisecond)) // don't EXPECT any calls to conn.CloseWithError }) + It("rejects duplicate control streams", func() { + b := quicvarint.Append(nil, streamTypeControlStream) + b = (&settingsFrame{}).Append(b) + r1 := bytes.NewReader(b) + controlStr1 := mockquic.NewMockStream(mockCtrl) + controlStr1.EXPECT().Read(gomock.Any()).DoAndReturn(r1.Read).AnyTimes() + r2 := bytes.NewReader(b) + controlStr2 := mockquic.NewMockStream(mockCtrl) + controlStr2.EXPECT().Read(gomock.Any()).DoAndReturn(r2.Read).AnyTimes() + done := make(chan struct{}) + conn.EXPECT().CloseWithError(qerr.ApplicationErrorCode(ErrCodeStreamCreationError), "duplicate control stream").Do(func(qerr.ApplicationErrorCode, string) error { + close(done) + return nil + }) + conn.EXPECT().AcceptUniStream(gomock.Any()).DoAndReturn(func(context.Context) (quic.ReceiveStream, error) { + return controlStr1, nil + }) + conn.EXPECT().AcceptUniStream(gomock.Any()).DoAndReturn(func(context.Context) (quic.ReceiveStream, error) { + return controlStr2, nil + }) + conn.EXPECT().AcceptUniStream(gomock.Any()).DoAndReturn(func(context.Context) (quic.ReceiveStream, error) { + <-done + return nil, errors.New("test done") + }) + _, err := cl.RoundTripOpt(req, RoundTripOpt{}) + Expect(err).To(HaveOccurred()) + Eventually(done).Should(BeClosed()) + }) + for _, t := range []uint64{streamTypeQPACKEncoderStream, streamTypeQPACKDecoderStream} { streamType := t name := "encoder"