http3: reject duplicate control streams opened by the server (#4342)

2025-04-03 20:27:35 +03:00 · 2024-03-03 17:58:24 +10:30 · 2024-03-03 17:58:24 +10:30 · c5f7096f00
commit c5f7096f00
parent 9813766373
2 changed files with 38 additions and 1 deletions
--- a/http3/client.go
+++ b/http3/client.go
@ -183,6 +183,8 @@ func (c *client) handleBidirectionalStreams(conn quic.EarlyConnection) {
 }
 func (c *client) handleUnidirectionalStreams(conn quic.EarlyConnection) {
 	var rcvdControlStream atomic.Bool
 	for {
 		str, err := conn.AcceptUniStream(context.Background())
 		if err != nil {
@ -217,6 +219,11 @@ func (c *client) handleUnidirectionalStreams(conn quic.EarlyConnection) {
 				str.CancelRead(quic.StreamErrorCode(ErrCodeStreamCreationError))
 				return
 			}
 			// Only a single control stream is allowed.
 			if isFirstControlStr := rcvdControlStream.CompareAndSwap(false, true); !isFirstControlStr {
 				conn.CloseWithError(quic.ApplicationErrorCode(ErrCodeStreamCreationError), "duplicate control stream")
 				return
 			}
 			f, err := parseNextFrame(str, nil)
 			if err != nil {
 				conn.CloseWithError(quic.ApplicationErrorCode(ErrCodeFrameError), "")
--- a/http3/client_test.go
+++ b/http3/client_test.go
@ -15,6 +15,7 @@ import (
 	"github.com/quic-go/quic-go"
 	mockquic "github.com/quic-go/quic-go/internal/mocks/quic"
 	"github.com/quic-go/quic-go/internal/protocol"
 	"github.com/quic-go/quic-go/internal/qerr"
 	"github.com/quic-go/quic-go/internal/utils"
 	"github.com/quic-go/quic-go/quicvarint"
@ -442,7 +443,7 @@ var _ = Describe("Client", func() {
 			conn                 *mockquic.MockEarlyConnection
 			settingsFrameWritten chan struct{}
 		)
-		testDone := make(chan struct{})
+		testDone := make(chan struct{}, 1)
 		BeforeEach(func() {
 			settingsFrameWritten = make(chan struct{})
@ -487,6 +488,35 @@ var _ = Describe("Client", func() {
 			time.Sleep(scaleDuration(20 * time.Millisecond)) // don't EXPECT any calls to conn.CloseWithError
 		})
 		It("rejects duplicate control streams", func() {
 			b := quicvarint.Append(nil, streamTypeControlStream)
 			b = (&settingsFrame{}).Append(b)
 			r1 := bytes.NewReader(b)
 			controlStr1 := mockquic.NewMockStream(mockCtrl)
 			controlStr1.EXPECT().Read(gomock.Any()).DoAndReturn(r1.Read).AnyTimes()
 			r2 := bytes.NewReader(b)
 			controlStr2 := mockquic.NewMockStream(mockCtrl)
 			controlStr2.EXPECT().Read(gomock.Any()).DoAndReturn(r2.Read).AnyTimes()
 			done := make(chan struct{})
 			conn.EXPECT().CloseWithError(qerr.ApplicationErrorCode(ErrCodeStreamCreationError), "duplicate control stream").Do(func(qerr.ApplicationErrorCode, string) error {
 				close(done)
 				return nil
 			})
 			conn.EXPECT().AcceptUniStream(gomock.Any()).DoAndReturn(func(context.Context) (quic.ReceiveStream, error) {
 				return controlStr1, nil
 			})
 			conn.EXPECT().AcceptUniStream(gomock.Any()).DoAndReturn(func(context.Context) (quic.ReceiveStream, error) {
 				return controlStr2, nil
 			})
 			conn.EXPECT().AcceptUniStream(gomock.Any()).DoAndReturn(func(context.Context) (quic.ReceiveStream, error) {
 				<-done
 				return nil, errors.New("test done")
 			})
 			_, err := cl.RoundTripOpt(req, RoundTripOpt{})
 			Expect(err).To(HaveOccurred())
 			Eventually(done).Should(BeClosed())
 		})
 		for _, t := range []uint64{streamTypeQPACKEncoderStream, streamTypeQPACKDecoderStream} {
 			streamType := t
 			name := "encoder"