Mercurial > hg > nginx
diff src/event/quic/ngx_event_quic_ssl.c @ 9283:bbdcab20d67e
QUIC: ignore CRYPTO frames after handshake completion.
Sending handshake-level CRYPTO frames after the client's Finished message could
lead to memory disclosure and a potential segfault, if those frames are sent in
one packet with the Finished frame.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Tue, 28 May 2024 17:19:08 +0400 |
parents | ff98ae7d261e |
children |
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_ssl.c Tue May 28 17:18:50 2024 +0400 +++ b/src/event/quic/ngx_event_quic_ssl.c Tue May 28 17:19:08 2024 +0400 @@ -326,6 +326,11 @@ ngx_quic_crypto_frame_t *f; qc = ngx_quic_get_connection(c); + + if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) { + return NGX_OK; + } + ctx = ngx_quic_get_send_ctx(qc, pkt->level); f = &frame->u.crypto;