BUG/MINOR: quic: reject NEW_TOKEN frames from clients

As specified by RFC 9000, reject NEW_TOKEN frames emitted by clients. Close the connection with error code PROTOCOL_VIOLATION. This must be backported up to 2.6.
FireBurn · Jan 10, 2025 · 4a5d82a · 4a5d82a
1 parent a2c0c45
commit 4a5d82a
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/src/quic_rx.c b/src/quic_rx.c
@@ -915,7 +915,21 @@ static int qc_parse_pkt_frms(struct quic_conn *qc, struct quic_rx_packet *pkt,
 
 			break;
 		case QUIC_FT_NEW_TOKEN:
-			/* TODO */
+			if (qc_is_listener(qc)) {
+				TRACE_ERROR("reject NEW_TOKEN frame emitted by client",
+				            QUIC_EV_CONN_PRSHPKT, qc);
+
+				/* RFC 9000 19.7. NEW_TOKEN Frames
+				 * Clients MUST NOT send NEW_TOKEN frames. A server MUST treat receipt
+				 * of a NEW_TOKEN frame as a connection error of type
+				 * PROTOCOL_VIOLATION.
+				 */
+				quic_set_connection_close(qc, quic_err_transport(QC_ERR_PROTOCOL_VIOLATION));
+				goto err;
+			}
+			else {
+				/* TODO */
+			}
 			break;
 		case QUIC_FT_STREAM_8 ... QUIC_FT_STREAM_F:
 		{