Mercurial > hg > nginx-quic
comparison src/event/ngx_event_quic_protection.c @ 8081:9aedab0f0dff quic
QUIC: check that the packet length is of at least sample size.
From quic-tls draft, section 5.4.2:
An endpoint MUST discard packets that are not long enough to contain
a complete sample.
The check includes the Packet Number field assumed to be 4 bytes long.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 08 Sep 2020 13:28:56 +0300 |
| parents | d3489d225f8f |
| children | 26a5bd4aff57 |
comparison
equal
deleted
inserted
replaced
| 8080:d3489d225f8f | 8081:9aedab0f0dff |
|---|---|
| 1017 * the Packet Number field is assumed to be 4 bytes long | 1017 * the Packet Number field is assumed to be 4 bytes long |
| 1018 * draft-ietf-quic-tls-23#section-5.4.[34]: | 1018 * draft-ietf-quic-tls-23#section-5.4.[34]: |
| 1019 * AES-Based and ChaCha20-Based header protections sample 16 bytes | 1019 * AES-Based and ChaCha20-Based header protections sample 16 bytes |
| 1020 */ | 1020 */ |
| 1021 | 1021 |
| 1022 if (pkt->len < EVP_GCM_TLS_TAG_LEN + 4) { | |
| 1023 return NGX_DECLINED; | |
| 1024 } | |
| 1025 | |
| 1022 sample = p + 4; | 1026 sample = p + 4; |
| 1023 | 1027 |
| 1024 /* header protection */ | 1028 /* header protection */ |
| 1025 | 1029 |
| 1026 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) | 1030 if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample) |