From 6096120d93f25e1997938fe85b7dbb4d29fb2bd1 Mon Sep 17 00:00:00 2001 From: man0s <95379755+losman0s@users.noreply.github.com> Date: Fri, 17 Oct 2025 13:11:24 +0000 Subject: [PATCH] quic: prevent premature 1-RTT packets --- src/waltz/quic/fd_quic.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/waltz/quic/fd_quic.c b/src/waltz/quic/fd_quic.c index 45bed4178fa..fda36cb220d 100644 --- a/src/waltz/quic/fd_quic.c +++ b/src/waltz/quic/fd_quic.c @@ -888,7 +888,11 @@ fd_quic_tx_enc_level( fd_quic_conn_t * conn, int acks ) { return fd_quic_enc_level_appdata_id; } - if( conn->flags && conn->upd_pkt_number >= app_pkt_number ) { + /* only allow 1-RTT "flag" frames when we have the keys, to prevent e.g. early 1-RTT PINGs */ + uint flags_pending = conn->flags & ~(FD_QUIC_CONN_FLAGS_CLOSE_SENT | FD_QUIC_CONN_FLAGS_PING_SENT); + if( ( flags_pending != 0U ) + & ( conn->upd_pkt_number >= app_pkt_number ) + & fd_uint_extract_bit( conn->keys_avail, fd_quic_enc_level_appdata_id ) ) { return fd_quic_enc_level_appdata_id; } @@ -2891,7 +2895,7 @@ fd_quic_svc_poll( fd_quic_t * quic, } } else if( quic->config.keep_alive & !!(conn->let_die_time_ns > now) ) { /* send PING */ - if( !( conn->flags & FD_QUIC_CONN_FLAGS_PING ) ) { + if( !( conn->flags & ( FD_QUIC_CONN_FLAGS_PING | FD_QUIC_CONN_FLAGS_PING_SENT ) ) ) { conn->flags |= FD_QUIC_CONN_FLAGS_PING; conn->upd_pkt_number = FD_QUIC_PKT_NUM_PENDING; /* update to be sent in next packet */ } @@ -3876,8 +3880,7 @@ fd_quic_conn_service( fd_quic_t * quic, fd_quic_conn_t * conn, long now ) { /* Send new rtt measurement probe? */ if( FD_UNLIKELY( now > conn->last_ack + (long)conn->rtt_period_ns ) ) { /* send PING */ - if( !( conn->flags & ( FD_QUIC_CONN_FLAGS_PING | FD_QUIC_CONN_FLAGS_PING_SENT ) ) - && conn->state == FD_QUIC_CONN_STATE_ACTIVE ) { + if( !( conn->flags & ( FD_QUIC_CONN_FLAGS_PING | FD_QUIC_CONN_FLAGS_PING_SENT ) ) ) { conn->flags |= FD_QUIC_CONN_FLAGS_PING; conn->upd_pkt_number = FD_QUIC_PKT_NUM_PENDING; /* update to be sent in next packet */ }