Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_transport.c @ 8758:17492dfd4744 quic
QUIC: added missing checks for limits in stream frames parsing.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Mon, 19 Apr 2021 09:46:37 +0300 |
| parents | dcc57827098d |
| children | 515ac3c8435c |
comparison
equal
deleted
inserted
replaced
| 8757:dcc57827098d | 8758:17492dfd4744 |
|---|---|
| 1001 p = ngx_quic_parse_int(p, end, &f->u.streams_blocked.limit); | 1001 p = ngx_quic_parse_int(p, end, &f->u.streams_blocked.limit); |
| 1002 if (p == NULL) { | 1002 if (p == NULL) { |
| 1003 goto error; | 1003 goto error; |
| 1004 } | 1004 } |
| 1005 | 1005 |
| 1006 if (f->u.streams_blocked.limit > 0x1000000000000000) { | |
| 1007 goto error; | |
| 1008 } | |
| 1009 | |
| 1006 f->u.streams_blocked.bidi = | 1010 f->u.streams_blocked.bidi = |
| 1007 (f->type == NGX_QUIC_FT_STREAMS_BLOCKED) ? 1 : 0; | 1011 (f->type == NGX_QUIC_FT_STREAMS_BLOCKED) ? 1 : 0; |
| 1008 break; | 1012 break; |
| 1009 | 1013 |
| 1010 case NGX_QUIC_FT_MAX_STREAMS: | 1014 case NGX_QUIC_FT_MAX_STREAMS: |
| 1011 case NGX_QUIC_FT_MAX_STREAMS2: | 1015 case NGX_QUIC_FT_MAX_STREAMS2: |
| 1012 | 1016 |
| 1013 p = ngx_quic_parse_int(p, end, &f->u.max_streams.limit); | 1017 p = ngx_quic_parse_int(p, end, &f->u.max_streams.limit); |
| 1014 if (p == NULL) { | 1018 if (p == NULL) { |
| 1019 goto error; | |
| 1020 } | |
| 1021 | |
| 1022 if (f->u.max_streams.limit > 0x1000000000000000) { | |
| 1015 goto error; | 1023 goto error; |
| 1016 } | 1024 } |
| 1017 | 1025 |
| 1018 f->u.max_streams.bidi = (f->type == NGX_QUIC_FT_MAX_STREAMS) ? 1 : 0; | 1026 f->u.max_streams.bidi = (f->type == NGX_QUIC_FT_MAX_STREAMS) ? 1 : 0; |
| 1019 | 1027 |