fix(s2n-quic-core): add validation for max-data connection Limits

quic/s2n-quic-core/src/transport/parameters/mod.rs

@@ -627,7 +627,21 @@ impl InitialMaxData {
     pub const RECOMMENDED: Self = Self(compute_data_window(150, Duration::from_millis(100), 2));
 }
 
-impl TransportParameterValidator for InitialMaxData {}
+impl TransportParameterValidator for InitialMaxData {
+    fn validate(self) -> Result<Self, DecoderError> {
+        // We limit the initial data limit to u32::MAX (4GB), which far
+        // exceeds the reasonable amount of data a connection is
+        // initially allowed to send.
+        //
+        // By representing the flow control value as a u32, we save space
+        // on the connection state.
+        decoder_invariant!(
+            *self.0 <= u32::MAX.into(),
+            "initial max data limits must be less than u32::MAX"
+        );
+        Ok(self)
+    }
+}
 
 //= https://www.rfc-editor.org/rfc/rfc9000#section-18.2
 //# initial_max_stream_data_bidi_local (0x05):  This parameter is an
@@ -647,7 +661,21 @@ impl InitialMaxStreamDataBidiLocal {
     pub const RECOMMENDED: Self = Self(InitialMaxData::RECOMMENDED.0);
 }
 
-impl TransportParameterValidator for InitialMaxStreamDataBidiLocal {}
+impl TransportParameterValidator for InitialMaxStreamDataBidiLocal {
+    fn validate(self) -> Result<Self, DecoderError> {
+        // We limit the initial data limit to u32::MAX (4GB), which far
+        // exceeds the reasonable amount of data a connection is
+        // initially allowed to send.
+        //
+        // By representing the flow control value as a u32, we save space
+        // on the connection state.
+        decoder_invariant!(
+            *self.0 <= u32::MAX.into(),
+            "initial max data limits must be less than u32::MAX"
+        );
+        Ok(self)
+    }
+}
 
 //= https://www.rfc-editor.org/rfc/rfc9000#section-18.2
 //# initial_max_stream_data_bidi_remote (0x06):  This parameter is an
@@ -666,7 +694,21 @@ impl InitialMaxStreamDataBidiRemote {
     pub const RECOMMENDED: Self = Self(InitialMaxData::RECOMMENDED.0);
 }
 
-impl TransportParameterValidator for InitialMaxStreamDataBidiRemote {}
+impl TransportParameterValidator for InitialMaxStreamDataBidiRemote {
+    fn validate(self) -> Result<Self, DecoderError> {
+        // We limit the initial data limit to u32::MAX (4GB), which far
+        // exceeds the reasonable amount of data a connection is
+        // initially allowed to send.
+        //
+        // By representing the flow control value as a u32, we save space
+        // on the connection state.
+        decoder_invariant!(
+            *self.0 <= u32::MAX.into(),
+            "initial max data limits must be less than u32::MAX"
+        );
+        Ok(self)
+    }
+}
 
 //= https://www.rfc-editor.org/rfc/rfc9000#section-18.2
 //# initial_max_stream_data_uni (0x07):  This parameter is an integer
@@ -685,7 +727,21 @@ impl InitialMaxStreamDataUni {
     pub const RECOMMENDED: Self = Self(InitialMaxData::RECOMMENDED.0);
 }
 
-impl TransportParameterValidator for InitialMaxStreamDataUni {}
+impl TransportParameterValidator for InitialMaxStreamDataUni {
+    fn validate(self) -> Result<Self, DecoderError> {
+        // We limit the initial data limit to u32::MAX (4GB), which far
+        // exceeds the reasonable amount of data a connection is
+        // initially allowed to send.
+        //
+        // By representing the flow control value as a u32, we save space
+        // on the connection state.
+        decoder_invariant!(
+            *self.0 <= u32::MAX.into(),
+            "initial max data limits must be less than u32::MAX"
+        );
+        Ok(self)
+    }
+}
 
 //= https://www.rfc-editor.org/rfc/rfc9000#section-18.2
 //# initial_max_streams_bidi (0x08):  The initial maximum bidirectional