[PATCH 4 of 7] QUIC: ignore CRYPTO frames after handshake completion
Maxim Dounin
mdounin at mdounin.ru
Fri May 31 00:58:29 UTC 2024
# HG changeset patch
# User Roman Arutyunyan <arut at nginx.com>
# Date 1716902348 -14400
# Tue May 28 17:19:08 2024 +0400
# Node ID 8822af43e7e919b8c903174886c8ffecdb25f017
# Parent 352360116e2c2fef891a91284083fb1d6c36c72d
QUIC: ignore CRYPTO frames after handshake completion.
Sending handshake-level CRYPTO frames after the client's Finished message could
lead to memory disclosure and a potential segfault, if those frames are sent in
one packet with the Finished frame.
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -326,6 +326,11 @@ ngx_quic_handle_crypto_frame(ngx_connect
ngx_quic_crypto_frame_t *f;
qc = ngx_quic_get_connection(c);
+
+ if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) {
+ return NGX_OK;
+ }
+
ctx = ngx_quic_get_send_ctx(qc, pkt->level);
f = &frame->u.crypto;
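Review bot: the early return added at the top of ngx_quic_handle_crypto_frame() has no comment, and nothing in the code ties "keys not available for pkt->level" to the post-handshake case the commit message describes. The literal 0 passed as the third argument to ngx_quic_keys_available() is also unexplained at this call site. A short comment above the `if` would cover both, saying that CRYPTO frames at a level whose keys are no longer available are ignored and what the 0 selects. Since the frame is dropped with NGX_OK and no trace, consider a debug-level log line before `return NGX_OK;` so ignored frames are visible when diagnosing a connection. The check is correctly placed ahead of the ngx_quic_get_send_ctx(qc, pkt->level) call and should stay there.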