Mercurial > hg > nginx
changeset 8758:17492dfd4744 quic
QUIC: added missing checks for limits in stream frames parsing.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Mon, 19 Apr 2021 09:46:37 +0300 |
parents | dcc57827098d |
children | 515ac3c8435c |
files | src/event/quic/ngx_event_quic_transport.c |
diffstat | 1 files changed, 8 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_transport.c Mon Apr 19 11:36:41 2021 +0300 +++ b/src/event/quic/ngx_event_quic_transport.c Mon Apr 19 09:46:37 2021 +0300 @@ -1003,6 +1003,10 @@ goto error; } + if (f->u.streams_blocked.limit > 0x1000000000000000) { + goto error; + } + f->u.streams_blocked.bidi = (f->type == NGX_QUIC_FT_STREAMS_BLOCKED) ? 1 : 0; break; @@ -1015,6 +1019,10 @@ goto error; } + if (f->u.max_streams.limit > 0x1000000000000000) { + goto error; + } + f->u.max_streams.bidi = (f->type == NGX_QUIC_FT_MAX_STREAMS) ? 1 : 0; break;