quic14 anomaly6

doc/examples/quic/anomalies

@@ -69,6 +69,19 @@ Issue:
   On further inspection, the junk seems to be another QUIC packet. Somehow,
   picoquic is cramming multiple QUIC packets into a single UDP packet.
 
+Event file:  anomaly6.iev
+Picoquic log file: anomaly6.log
+QUIC version: draft 14
+Implementation:
+  picoquic
+Issue:
+  Client sends a MAX_STREAM_ID frame with stream id 0, which is a client, not
+  a server stream id. Server (picoquicdemo) responds with connection close and
+  error code of STREAM_ID_ERROR. However, specification does not state that it
+  is an error to send a stream id that is not an id of the peer, and does not
+  state that STREAM_ID_ERROR should be returned in this case.
+
+
 
 
 

doc/examples/quic/quic_connection.ivy

@@ -353,9 +353,9 @@ before tls_send_event(src:ip.endpoint, dst:ip.endpoint, scid:cid, dcid:cid, data
     };
     crypto_data_end(src,scid,e) := crypto_data(src,scid,e).end;
     # require conn_open(src,dcid);  # [3]
-    var hs : tls.handshakes;
-    call hs,crypto_handler_pos(src,scid,e)
-           := tls.handshake_parser.deserialize(data,crypto_handler_pos(src,scid,e));  # [1]
+    var res := tls.handshake_parser.deserialize(crypto_data(src,scid,e),crypto_handler_pos(src,scid,e));
+    var hs := res.value;
+    crypto_handler_pos(src,scid,e) := res.pos;
     var idx := hs.begin;
     while idx < hs.end {
         var h := hs.value(idx);

doc/examples/quic/quic_server_test.ivy

@@ -115,7 +115,7 @@ implement botan.lower.send(tls_id:botan.id,bytes:stream_data) {
             client.enc_level := client.enc_level.next;
         };
         if tls_id = server.tls_id {
-            call tls_send_event(server.ep, client.ep, the_cid, 0, msgs, server.enc_level)'
+            call tls_send_event(server.ep, client.ep, the_cid, 0, msgs, server.enc_level);
             server.enc_level := server.enc_level.next;
         }
     }

doc/examples/quic/tls_deser.ivy

@@ -186,6 +186,13 @@ object tls_ser = {}
         }
 
         virtual bool open_list_elem() {
+            if (fence.size() == 0) {  // tricky: see if input contains a full message
+                if (!more(4)) {
+                    return false;
+                }
+                unsigned len = (inp[pos+1] << 16) + (inp[pos+2] << 8) + inp[pos];
+                return inp.size() >= pos + len + 4;
+            }
             return more(1);
         }
         void close_list_elem() {}

doc/examples/quic/tls_protocol.ivy

@@ -23,7 +23,7 @@ object tls = { ...
 # =============
 
     instance handshakes : vector(handshake)
-    instance handshake_parser : deserializer(stream_idx,stream_data,handshakes,tls_deser)
+    instance handshake_parser : deserializer(stream_pos,stream_data,handshakes,tls_deser)
 
 # Protocol event
 # ==============

ivy/include/1.7/deserializer.ivy

@@ -17,17 +17,22 @@
 
 module deserializer(index,bytes,datatype,deser) = {
 
-    action deserialize(x:bytes,pos:index) returns (y:datatype,pos:index)
+    type result = struct {
+        pos : index,
+        value : datatype
+    }
+    
+    action deserialize(x:bytes,pos:index) returns (res:result)
 
     implementation {
         implement deserialize { <<<
-            std::vector<char> buf(x.size());
+            std::vector<char> buf(x.size() - pos);
             std::copy(x.begin()+pos,x.end(),buf.begin());
             `deser` ds(buf);
 
             try {
-               __deser(ds,y);
-               pos += ds.pos;
+               __deser(ds,res.value);
+               res.pos = pos + ds.pos;
             }
 
             // If deserialization failure, print out the packet for