diff --git a/src/core/binding.c b/src/core/binding.c index d8f77fdd5f..d11b6bdb83 100644 --- a/src/core/binding.c +++ b/src/core/binding.c @@ -1208,8 +1208,7 @@ QuicBindingShouldRetryConnection( _In_ QUIC_RX_PACKET* Packet, _In_ uint16_t TokenLength, _In_reads_(TokenLength) - const uint8_t* Token, - _Inout_ BOOLEAN* DropPacket + const uint8_t* Token ) { // @@ -1226,14 +1225,10 @@ QuicBindingShouldRetryConnection( // to validate retry tokens is fatal. Failure to validate NEW_TOKEN // tokens is not. // - if (QuicPacketValidateInitialToken( - Binding, Packet, TokenLength, Token, DropPacket)) { + if (QuicPacketValidateInitialToken(Binding, Packet, TokenLength, Token)) { Packet->ValidToken = TRUE; return FALSE; } - if (*DropPacket) { - return FALSE; - } } uint64_t CurrentMemoryLimit = @@ -1558,17 +1553,13 @@ QuicBindingDeliverPackets( CXPLAT_DBG_ASSERT(Binding->ServerOwned); - BOOLEAN DropPacket = FALSE; - if (QuicBindingShouldRetryConnection( - Binding, Packets, TokenLength, Token, &DropPacket)) { + if (QuicBindingShouldRetryConnection(Binding, Packets, TokenLength, Token)) { return QuicBindingQueueStatelessOperation( Binding, QUIC_OPER_TYPE_RETRY, Packets); } - if (!DropPacket) { - Connection = QuicBindingCreateConnection(Binding, Packets); - } + Connection = QuicBindingCreateConnection(Binding, Packets); } if (Connection == NULL) { diff --git a/src/core/connection.c b/src/core/connection.c index eec4822b7a..fc0c6d0df2 100644 --- a/src/core/connection.c +++ b/src/core/connection.c @@ -3824,25 +3824,22 @@ QuicConnRecvHeader( QUIC_PATH* Path = &Connection->Paths[0]; if (!Path->IsPeerValidated && (Packet->ValidToken || TokenLength != 0)) { - BOOLEAN InvalidRetryToken = FALSE; if (Packet->ValidToken) { CXPLAT_DBG_ASSERT(TokenBuffer == NULL); CXPLAT_DBG_ASSERT(TokenLength == 0); QuicPacketDecodeRetryTokenV1(Packet, &TokenBuffer, &TokenLength); } else { CXPLAT_DBG_ASSERT(TokenBuffer != NULL); - if (!QuicPacketValidateInitialToken( + if (QuicPacketValidateInitialToken( Connection, Packet, TokenLength, - TokenBuffer, - &InvalidRetryToken) && - InvalidRetryToken) { - return FALSE; + TokenBuffer)) { + Packet->ValidToken = TRUE; } } - if (!InvalidRetryToken) { + if (Packet->ValidToken) { CXPLAT_DBG_ASSERT(TokenBuffer != NULL); CXPLAT_DBG_ASSERT(TokenLength == sizeof(QUIC_TOKEN_CONTENTS)); diff --git a/src/core/packet.c b/src/core/packet.c index 14397ac770..4342e9f3cc 100644 --- a/src/core/packet.c +++ b/src/core/packet.c @@ -521,39 +521,33 @@ QuicPacketValidateInitialToken( _In_ const QUIC_RX_PACKET* const Packet, _In_range_(>, 0) uint16_t TokenLength, _In_reads_(TokenLength) - const uint8_t* TokenBuffer, - _Inout_ BOOLEAN* DropPacket + const uint8_t* TokenBuffer ) { const BOOLEAN IsNewToken = TokenBuffer[0] & 0x1; if (IsNewToken) { QuicPacketLogDrop(Owner, Packet, "New Token not supported"); - *DropPacket = TRUE; return FALSE; // TODO - Support NEW_TOKEN tokens. } if (TokenLength != sizeof(QUIC_TOKEN_CONTENTS)) { QuicPacketLogDrop(Owner, Packet, "Invalid Token Length"); - *DropPacket = TRUE; return FALSE; } QUIC_TOKEN_CONTENTS Token; if (!QuicRetryTokenDecrypt(Packet, TokenBuffer, &Token)) { QuicPacketLogDrop(Owner, Packet, "Retry Token Decryption Failure"); - *DropPacket = TRUE; return FALSE; } if (Token.Encrypted.OrigConnIdLength > sizeof(Token.Encrypted.OrigConnId)) { QuicPacketLogDrop(Owner, Packet, "Invalid Retry Token OrigConnId Length"); - *DropPacket = TRUE; return FALSE; } if (!QuicAddrCompare(&Token.Encrypted.RemoteAddress, &Packet->Route->RemoteAddress)) { QuicPacketLogDrop(Owner, Packet, "Retry Token Addr Mismatch"); - *DropPacket = TRUE; return FALSE; } diff --git a/src/core/packet.h b/src/core/packet.h index c89a2b69ba..3bddae82fe 100644 --- a/src/core/packet.h +++ b/src/core/packet.h @@ -314,8 +314,7 @@ QuicPacketValidateInitialToken( _In_ const QUIC_RX_PACKET* const Packet, _In_range_(>, 0) uint16_t TokenLength, _In_reads_(TokenLength) - const uint8_t* TokenBuffer, - _Inout_ BOOLEAN* DropPacket + const uint8_t* TokenBuffer ); _IRQL_requires_max_(DISPATCH_LEVEL)