commit df35659b2812dca33ccd96a98712b462cb1e192f
author Kazuho Oku <kazuhooku@gmail.com> Tue Nov 29 16:18:06 2022 +0900
committer Kazuho Oku <kazuhooku@gmail.com> Tue Nov 29 16:18:06 2022 +0900
tree 102e2b3203f3123d9312df6cdbb79b5fda4aa8de
parent a3cfa2f752148ce8ac8f5c86c93511f7f5a91794

encrypted_client_hello extension cannot be referred to by ech_outer_extensions

lib/picotls.c

diff --git a/lib/picotls.c b/lib/picotls.c
index 5a8e1c9..c742075 100644
--- a/lib/picotls.c
+++ b/lib/picotls.c
@@ -3737,6 +3737,10 @@
                                 uint16_t outersize;
                                 if ((ret = ptls_decode16(&reftype, src, end)) != 0)
                                     goto Exit;
+                                if (reftype == PTLS_EXTENSION_TYPE_ENCRYPTED_CLIENT_HELLO) {
+                                    ret = PTLS_ALERT_ILLEGAL_PARAMETER;
+                                    goto Exit;
+                                }
                                 while (1) {
                                     if (ptls_decode16(&outertype, &outer_ext, outer_ext_end) != 0 ||
                                         ptls_decode16(&outersize, &outer_ext, outer_ext_end) != 0) {