quic: prevent premature 1-RTT packets (#6805)

Author: losman0s

src/waltz/quic/fd_quic.c

@@ -888,7 +888,11 @@ fd_quic_tx_enc_level( fd_quic_conn_t * conn, int acks ) {
     return fd_quic_enc_level_appdata_id;
   }
 
-  if( conn->flags && conn->upd_pkt_number >= app_pkt_number ) {
+  /* only allow 1-RTT "flag" frames when we have the keys, to prevent e.g. early 1-RTT PINGs */
+  uint flags_pending = conn->flags & ~(FD_QUIC_CONN_FLAGS_CLOSE_SENT | FD_QUIC_CONN_FLAGS_PING_SENT);
+  if( ( flags_pending != 0U )
+      & ( conn->upd_pkt_number >= app_pkt_number )
+      & fd_uint_extract_bit( conn->keys_avail, fd_quic_enc_level_appdata_id ) ) {
     return fd_quic_enc_level_appdata_id;
   }
 
@@ -2891,7 +2895,7 @@ fd_quic_svc_poll( fd_quic_t *      quic,
       }
     } else if( quic->config.keep_alive & !!(conn->let_die_time_ns > now) ) {
       /* send PING */
-      if( !( conn->flags & FD_QUIC_CONN_FLAGS_PING ) ) {
+      if( !( conn->flags & ( FD_QUIC_CONN_FLAGS_PING | FD_QUIC_CONN_FLAGS_PING_SENT ) ) ) {
         conn->flags         |= FD_QUIC_CONN_FLAGS_PING;
         conn->upd_pkt_number = FD_QUIC_PKT_NUM_PENDING;     /* update to be sent in next packet */
       }
@@ -3876,8 +3880,7 @@ fd_quic_conn_service( fd_quic_t * quic, fd_quic_conn_t * conn, long now ) {
   /* Send new rtt measurement probe? */
   if( FD_UNLIKELY( now > conn->last_ack + (long)conn->rtt_period_ns ) ) {
     /* send PING */
-    if( !( conn->flags & ( FD_QUIC_CONN_FLAGS_PING | FD_QUIC_CONN_FLAGS_PING_SENT ) )
-        && conn->state == FD_QUIC_CONN_STATE_ACTIVE ) {
+    if( !( conn->flags & ( FD_QUIC_CONN_FLAGS_PING | FD_QUIC_CONN_FLAGS_PING_SENT ) ) ) {
       conn->flags         |= FD_QUIC_CONN_FLAGS_PING;
       conn->upd_pkt_number = FD_QUIC_PKT_NUM_PENDING;     /* update to be sent in next packet */
     }