From cce71d84a109d0d82c55185a9d00ad5302caa736 Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Mon, 26 Nov 2018 22:28:10 +0700
Subject: [PATCH] check that the 5th and 6th bit in the long header first byte are unset
---
 internal/wire/extended_header.go | 4 ++++
 internal/wire/header_test.go | 26 ++++++++++++++++++++------
 2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/internal/wire/extended_header.go b/internal/wire/extended_header.go
index 4d3a142e..978c356c 100644
--- a/internal/wire/extended_header.go
+++ b/internal/wire/extended_header.go
@@ -3,6 +3,7 @@ package wire
 import (
 "bytes"
 "crypto/rand"
+ "errors"
 "fmt"
 "io"
@@ -40,6 +41,9 @@ func (h *ExtendedHeader) parse(b *bytes.Reader, v protocol.VersionNumber) (*Exte
 }
 func (h *ExtendedHeader) parseLongHeader(b *bytes.Reader, v protocol.VersionNumber) (*ExtendedHeader, error) {
+ if h.typeByte&0xc != 0 {
+ return nil, errors.New("5th and 6th bit must be 0")
+ }
 if err := h.readPacketNumber(b); err != nil {
 return nil, err
 }
diff --git a/internal/wire/header_test.go b/internal/wire/header_test.go
index 613d4527..78af0fdd 100644
--- a/internal/wire/header_test.go
+++ b/internal/wire/header_test.go
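Review bot: The new guard at the top of parseLongHeader rejects on `h.typeByte&0xc` with an ad-hoc `errors.New` value, so a caller can only tell a reserved-bit violation from any other parse failure by matching the message text. A package-level sentinel, for example `var errInvalidReservedBits = errors.New("5th and 6th bit must be 0")`, would let the caller classify the failure and would stop the test from pinning the wording. It is not visible from this hunk whether typeByte has been authenticated when this runs; if it has not, the caller should act on this error only after packet protection has been verified, so that an unauthenticated packet is handled the same way whatever its reserved bits are. A one-line comment that 0xc masks 0x8|0x4, counted from the most significant bit, would also help, since "5th and 6th bit" is ambiguous on its own. parseLongHeader's body continues outside the hunk.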
@@ -193,11 +193,23 @@ var _ = Describe("Header Parsing", func() {
 data = append(data, encodeVarInt(0x42)...) // length, 1 byte
 data = append(data, []byte{0x12, 0x34}...) // packet number
- b := bytes.NewReader(data)
- _, err := ParseHeader(b, 0)
+ _, err := ParseHeader(bytes.NewReader(data), 0)
 Expect(err).To(MatchError(io.EOF))
 })
+ It("errors if the 5th or 6th bit are set", func() {
+ data := []byte{0xc0 | 0x2<<4 | 0x8 /* set the 5th bit */}
+ data = appendVersion(data, versionIETFFrames)
+ data = append(data, 0x0) // connection ID lengths
+ data = append(data, 0x42) // packet number
+ data = append(data, encodeVarInt(1)...) // length
+ hdr, err := ParseHeader(bytes.NewReader(data), 0)
+ Expect(err).ToNot(HaveOccurred())
+ Expect(hdr.Type).To(Equal(protocol.PacketTypeHandshake))
+ _, err = hdr.ParseExtended(bytes.NewReader(data), versionIETFFrames)
+ Expect(err).To(MatchError("5th and 6th bit must be 0"))
+ })
+
 It("errors on EOF, when parsing the header", func() {
 data := []byte{0xc0 ^ 0x2<<4}
 data = appendVersion(data, versionIETFFrames)
@@ -218,9 +230,10 @@ var _ = Describe("Header Parsing", func() {
 hdrLen := len(data)
 data = append(data, []byte{0xde, 0xad, 0xbe, 0xef}...) // packet number
 for i := hdrLen; i < len(data); i++ {
- b := bytes.NewReader(data[:i])
- hdr, err := ParseHeader(b, 0)
+ data = data[:i]
+ hdr, err := ParseHeader(bytes.NewReader(data), 0)
 Expect(err).ToNot(HaveOccurred())
+ b := bytes.NewReader(data)
 _, err = hdr.ParseExtended(b, versionIETFFrames)
 Expect(err).To(Equal(io.EOF))
 }
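Review bot: The new case "errors if the 5th or 6th bit are set" only exercises 0x8, so a parser that masked just that bit (`&0x8` instead of `&0xc`) would still pass it. Running the same body over every reserved-bit pattern, e.g. `for _, bits := range []byte{0x4, 0x8, 0xc} {` with `data := []byte{0xc0 | 0x2<<4 | bits}`, would pin the whole mask. Matching on the literal message also ties the test to the wording of the error rather than to its identity.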
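Review bot: Reassigning `data = data[:i]` inside `for i := hdrLen; i < len(data); i++` shrinks the slice that the loop condition measures, so after the first pass len(data) equals hdrLen and the loop stops; the three longer truncations that the old `data[:i]` readers covered are no longer tested. Keep data intact and slice per reader instead: `hdr, err := ParseHeader(bytes.NewReader(data[:i]), 0)` and `b := bytes.NewReader(data[:i])`. The hunk at @@ -234,9 has the same reassignment, and there hdrLen is taken right before the loop with nothing appended after it, so as shown its body never runs at all. Truncated-input paths are where a header parser most needs coverage, so these loops are worth restoring.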
@@ -234,9 +247,10 @@ var _ = Describe("Header Parsing", func() {
 data = append(data, []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10}...) // source connection ID
 hdrLen := len(data)
 for i := hdrLen; i < len(data); i++ {
- b := bytes.NewReader(data[:i])
- hdr, err := ParseHeader(b, 0)
+ data = data[:i]
+ hdr, err := ParseHeader(bytes.NewReader(data), 0)
 Expect(err).ToNot(HaveOccurred())
+ b := bytes.NewReader(data)
 _, err = hdr.ParseExtended(b, versionIETFFrames)
 Expect(err).To(Equal(io.EOF))
 }