From 7723cbc03f2a12a78bb98ad866a5110d30cbd266 Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Fri, 8 Dec 2023 13:32:30 -0800 Subject: [PATCH] Validate 0-RTT frames based on packet type, not handshake progress 0-RTT packets might be received after we derive 1-RTT keys, e.g. if we received a complete ClientHello. That shouldn't cause us to relax 0-RTT frame type restrictions.
---
 quinn-proto/src/connection/mod.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/quinn-proto/src/connection/mod.rs b/quinn-proto/src/connection/mod.rs
index 8530632e5..4798a1211 100644
--- a/quinn-proto/src/connection/mod.rs
+++ b/quinn-proto/src/connection/mod.rs
@@ -2499,7 +2499,6 @@ impl Connection {
 packet: Packet,
 ) -> Result<(), TransportError> {
 let payload = packet.payload.freeze();
- let is_0rtt = self.spaces[SpaceId::Data].crypto.is_none();
 let mut is_probing_packet = true;
 let mut close = None;
 let payload_len = payload.len();
@@ -2530,7 +2529,7 @@ impl Connection {
 }
 let _guard = span.as_ref().map(|x| x.enter());
- if is_0rtt {
+ if packet.header.is_0rtt() {
 match frame {
 Frame::Crypto(_) | Frame::Close(Close::Application(_)) => {
 return Err(TransportError::PROTOCOL_VIOLATION(
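Review bot: The `if packet.header.is_0rtt()` check in the second hunk has no comment saying why it keys off the packet header rather than key state, so that rationale lives only in the commit message. A one-line comment above it would keep a later refactor from restoring the key-availability shortcut: `// Classify by packet type, not key state: 0-RTT packets can still arrive after 1-RTT keys are derived.` The match that follows continues outside the hunk, so only the `Frame::Crypto(_) | Frame::Close(Close::Application(_))` arm is visible here; it is worth confirming the remaining arms reject the other frame types that are not permitted in 0-RTT packets. A regression test that delivers a 0-RTT packet carrying a CRYPTO frame after 1-RTT keys exist, and expects `PROTOCOL_VIOLATION`, would pin this behaviour.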