diff src/event/ngx_event_quic_protection.c @ 8446:df29219988bc quic

Discard short packets which could not be decrypted, so that connections are protected from failing due to on-path attacks. Decryption failure of long packets used during handshake still leads to connection close since it barely makes sense to handle them there.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 23 Jun 2020 11:57:00 +0300
parents 3de1b7399650
children 011668fc9efd
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -1051,7 +1051,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
         != NGX_OK)
     {
         pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
-        return NGX_ERROR;
+        return NGX_DECLINED;
     }
 
     if (ngx_quic_long_pkt(pkt->flags)) {
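Review bot: `pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;` is still assigned on the path that now returns `NGX_DECLINED`, here and in the second hunk at -1131, so a packet that is meant to be dropped silently still carries a connection-level error code. The caller is not visible in this diff; if it reads `pkt->error` without first checking the return value, the connection close this commit is meant to avoid for short packets could still be triggered, so the assignment would be safer in the caller's long-packet branch or cleared on discard. The call whose result is tested at the top of this hunk starts outside it; if it can fail for local reasons rather than because of packet contents, reporting that as `NGX_DECLINED` would hide an internal error, which is worth confirming.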
@@ -1131,7 +1131,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
 
     if (rc != NGX_OK) {
         pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
-        return rc;
+        return NGX_DECLINED;
     }
 
     if (badflags) {
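Review bot: Replacing `return rc;` with `return NGX_DECLINED;` drops whatever value `rc` held, and nothing in the hunk says why this failure is no longer an error. A comment above the return, such as `/* not authenticated: caller drops short packets, closes on long ones */`, would record the contract that the commit message describes but the code does not. Since these packets are now discarded without closing the connection, a debug log line or counter on this path would keep repeated undecryptable packets visible to operators. The body of ngx_quic_decrypt continues outside the hunk.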