Mercurial > hg > nginx
changeset 8543:9aedab0f0dff quic
QUIC: check that the packet length is of at least sample size.
From quic-tls draft, section 5.4.2:
An endpoint MUST discard packets that are not long enough to contain
a complete sample.
The check includes the Packet Number field assumed to be 4 bytes long.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 08 Sep 2020 13:28:56 +0300 |
parents | d3489d225f8f |
children | 26a5bd4aff57 |
files | src/event/ngx_event_quic_protection.c |
diffstat | 1 files changed, 4 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_quic_protection.c Tue Sep 08 13:27:39 2020 +0300 +++ b/src/event/ngx_event_quic_protection.c Tue Sep 08 13:28:56 2020 +0300 @@ -1019,6 +1019,10 @@ * AES-Based and ChaCha20-Based header protections sample 16 bytes */ + if (pkt->len < EVP_GCM_TLS_TAG_LEN + 4) { + return NGX_DECLINED; + } + sample = p + 4; /* header protection */