changeset 8877:b5296bd8631c quic

QUIC: Check if CID has been used in stateless reset check. Section 10.3.1 of RFC9000 requires this check.
author Martin Duke <m.duke@f5.com>
date Tue, 12 Oct 2021 11:56:49 +0300
parents 1ead7d64e993
children c4f249d485e3
files src/event/quic/ngx_event_quic.c
diffstat 1 files changed, 5 insertions(+), 2 deletions(-) [+]
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -370,8 +370,11 @@ ngx_quic_process_stateless_reset(ngx_con
     {
         cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);
 
-        if (cid->seqnum == 0) {
-            /* no stateless reset token in initial connection id */
+        if (cid->seqnum == 0 || cid->refcnt == 0) {
+            /*
+             * No stateless reset token in initial connection id.
+             * Don't accept a token from an unused connection id.
+             */
             continue;
         }
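Review bot: The comment added under `if (cid->seqnum == 0 || cid->refcnt == 0)` gives neither the source of the rule nor the meaning of a zero `refcnt`, so a later reader cannot tell that this skip is a protocol requirement rather than an optimisation. I would extend it with a line such as `* RFC 9000, Section 10.3.1: tokens of connection ids we never used must not match.` and state what `refcnt` counts, since its definition is not visible here. The same RFC section also excludes tokens of retired connection ids; whether retired entries are already gone from the queue this loop walks cannot be confirmed from the hunk, so that is worth checking. The loop and the rest of ngx_quic_process_stateless_reset continue outside the hunk.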