Mercurial > hg > nginx

diff src/event/ngx_event_quic_protection.c @ 8386:81f85c479d7e quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Discard packets without fixed bit or reserved bits set. Section 17.2 and 17.3 of QUIC transport: Fixed bit: Packets containing a zero value for this bit are not valid packets in this version and MUST be discarded. Reserved bit: An endpoint MUST treat receipt of a packet that has a non-zero value for these bits, after removing both packet and header protection, as a connection error of type PROTOCOL_VIOLATION.
author Vladimir Homutov <vl@nginx.com>
date Thu, 14 May 2020 01:06:45 +0300
parents 7ea34e13937f
children df18ae7161b8
line wrap: on
line diff
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -1014,6 +1014,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
     uint64_t *largest_pn)
 {
     u_char               clearflags, *p, *sample;
+    uint8_t              badflags;
     uint64_t             pn;
     ngx_int_t            pnl, rc, key_phase;
     ngx_str_t            in, ad;
@@ -1048,6 +1049,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
     if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
         != NGX_OK)
     {
+        pkt->error = NGX_QUIC_ERR_CRYPTO_ERROR;
         return NGX_ERROR;
     }
 
@@ -1085,9 +1087,11 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
 
     if (ngx_quic_long_pkt(pkt->flags)) {
         in.len = pkt->len - pnl;
+        badflags = clearflags & NGX_QUIC_PKT_LONG_RESERVED_BIT;
 
     } else {
         in.len = pkt->data + pkt->len - p;
+        badflags = clearflags & NGX_QUIC_PKT_SHORT_RESERVED_BIT;
     }
 
     ad.len = p - pkt->data;
@@ -1124,6 +1128,24 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
                      pkt->payload.data, pkt->payload.len);
 #endif
 
-    return rc;
+    if (rc != NGX_OK) {
+        pkt->error = NGX_QUIC_ERR_CRYPTO_ERROR;
+        return rc;
+    }
+
+    if (badflags) {
+        /*
+         * An endpoint MUST treat receipt of a packet that has
+         * a non-zero value for these bits, after removing both
+         * packet and header protection, as a connection error
+         * of type PROTOCOL_VIOLATION.
+         */
+        ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
+                      "quic reserved bit set in packet");
+        pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
+        return NGX_ERROR;
+    }
+
+    return NGX_OK;
 }