Validate 0-RTT frames based on packet type, not handshake progress

0-RTT packets might be received after we derive 1-RTT keys, e.g. if we received a complete ClientHello. That shouldn't cause us to relax 0-RTT frame type restrictions.
quinn-rs · Dec 8, 2023 · 7723cbc · 7723cbc
1 parent 106d44b
commit 7723cbc
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/quinn-proto/src/connection/mod.rs b/quinn-proto/src/connection/mod.rs
@@ -2499,7 +2499,6 @@ impl Connection {
         packet: Packet,
     ) -> Result<(), TransportError> {
         let payload = packet.payload.freeze();
-        let is_0rtt = self.spaces[SpaceId::Data].crypto.is_none();
         let mut is_probing_packet = true;
         let mut close = None;
         let payload_len = payload.len();
@@ -2530,7 +2529,7 @@ impl Connection {
             }
 
             let _guard = span.as_ref().map(|x| x.enter());
-            if is_0rtt {
+            if packet.header.is_0rtt() {
                 match frame {
                     Frame::Crypto(_) | Frame::Close(Close::Application(_)) => {
                         return Err(TransportError::PROTOCOL_VIOLATION(