[+] Fix: Handle illegal STREAM frames in INIT and HSK packets (#524)

Author: Sy0307

src/transport/xqc_frame.c

@@ -447,6 +447,16 @@ xqc_process_stream_frame(xqc_connection_t *conn, xqc_packet_in_t *packet_in)
     xqc_stream_t        *stream = NULL;
     xqc_stream_frame_t  *stream_frame;
 
+    if (packet_in->pi_pkt.pkt_type == XQC_PTYPE_INIT
+        || packet_in->pi_pkt.pkt_type == XQC_PTYPE_HSK)
+    {
+        xqc_log(conn->log, XQC_LOG_ERROR,
+                "|illegal STREAM frame in %s packet, close with PROTOCOL_VIOLATION|",
+                xqc_pkt_type_2_str(packet_in->pi_pkt.pkt_type));
+        XQC_CONN_ERR(conn, TRA_PROTOCOL_VIOLATION);
+        return -XQC_EPROTO;
+    }
+
     stream_frame = xqc_calloc(1, sizeof(xqc_stream_frame_t));
     if (stream_frame == NULL) {
         xqc_log(conn->log, XQC_LOG_ERROR, "|xqc_calloc error|");

tests/unittest/xqc_process_frame_test.c

@@ -12,6 +12,7 @@
 
 char XQC_TEST_ILL_FRAME_1[] = {0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 char XQC_TEST_ZERO_LEN_NEW_TOKEN_FRAME[] = {0x07, 0x00};
+char XQC_TEST_STREAM_FRAME[] = {0x0a, 0x00, 0x01, 0x00};
 
 
 void
@@ -31,6 +32,14 @@ xqc_test_process_frame()
     ret = xqc_process_frames(conn, &packet_in);
     CU_ASSERT(ret == -XQC_EPROTO);
 
+    xqc_packet_in_t pi_stream_init;
+    memset(&pi_stream_init, 0, sizeof(xqc_packet_in_t));
+    pi_stream_init.pi_pkt.pkt_type = XQC_PTYPE_INIT;
+    pi_stream_init.pos = XQC_TEST_STREAM_FRAME;
+    pi_stream_init.last = pi_stream_init.pos + sizeof(XQC_TEST_STREAM_FRAME);
+    ret = xqc_process_frames(conn, &pi_stream_init);
+    CU_ASSERT(ret == -XQC_EPROTO);
+
     xqc_engine_destroy(conn->engine);
 }