Skip to content

proto: reject stream flow-control frames above limits#2651

Open
GHX5T-SOL wants to merge 1 commit into
quinn-rs:mainfrom
GHX5T-SOL:fix-2650-stream-frame-limits
Open

proto: reject stream flow-control frames above limits#2651
GHX5T-SOL wants to merge 1 commit into
quinn-rs:mainfrom
GHX5T-SOL:fix-2650-stream-frame-limits

Conversation

@GHX5T-SOL
Copy link
Copy Markdown

@GHX5T-SOL GHX5T-SOL commented May 20, 2026

Fixes #2650.

Summary

  • validate send-side stream IDs before handling STOP_SENDING and MAX_STREAM_DATA
  • return STREAM_LIMIT_ERROR for remote-initiated bidirectional stream IDs above the advertised limit
  • add regression coverage for both frame types

Validation

  • cargo test --locked -p quinn-proto stream_limit passed: 5 passed, 0 failed
  • cargo test --locked -p quinn-proto passed: 273 unit tests and 3 doctests passed
  • cargo fmt --all -- --check passed
  • cargo clippy --locked -p quinn-proto --all-targets -- -D warnings passed
  • cargo test --locked --manifest-path fuzz/Cargo.toml passed
  • RUSTFLAGS='--cfg fuzzing' cargo build --locked --manifest-path fuzz/Cargo.toml --bin streams passed
  • git diff --check passed
  • gitleaks protect --staged --redact --no-banner passed: no leaks found

Note: #2601 also touches remote stream allocation state; this PR is against current main and may need a rebase if #2601 lands first.

djc
djc approved these changes May 20, 2026
View reviewed changes
Comment thread quinn-proto/src/connection/mod.rs
);
}
Frame::StopSending(frame::StopSending { id, error_code }) => {
if id.initiator() != self.side.side() {
Copy link
Copy Markdown
Member

@djc djc May 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like for this to be a separate commit.

Copy link
Copy Markdown
Collaborator

@Ralith Ralith May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@Ralith Ralith mentioned this pull request May 21, 2026
Open
Ralith
Ralith approved these changes May 21, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@Ralith Ralith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Comment thread quinn-proto/src/connection/mod.rs
);
}
Frame::StopSending(frame::StopSending { id, error_code }) => {
if id.initiator() != self.side.side() {
Copy link
Copy Markdown
Collaborator

@Ralith Ralith May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ralith Ralith Ralith approved these changes

@djc djc djc approved these changes

@gretchenfrage gretchenfrage Awaiting requested review from gretchenfrage gretchenfrage is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Raise a transport error on out-of-bounds STOP_SENDING and MAX_STREAM_DATA

3 participants

@GHX5T-SOL @Ralith @djc