comparison src/event/ngx_event_quic_protection.c @ 8070:b13141d6d250 quic

QUIC: do not update largest packet number from a bad packet. The removal of QUIC packet protection depends on the largest packet number received. When a garbage packet was received, the decoder still updated the largest packet number from that packet. This could affect removing protection from subsequent QUIC packets.
author Roman Arutyunyan <arut@nginx.com>
date Tue, 01 Sep 2020 15:21:49 +0300
parents 64a484fd40a9
children c6b963de0c00
8069:4ff2a0b747d1 8070:b13141d6d250
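--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -996,11 +996,11 @@
 ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
 uint64_t *largest_pn)
 {
 u_char clearflags, *p, *sample;
 uint8_t badflags;
-uint64_t pn;
+uint64_t pn, lpn;
 ngx_int_t pnl, rc, key_phase;
 ngx_str_t in, ad;
 ngx_quic_secret_t *secret;
 ngx_quic_ciphers_t ciphers;
 uint8_t mask[16], nonce[12];
@@ -1041,12 +1041,14 @@
 secret = pkt->next;
 pkt->key_update = 1;
 }
 }
 
+lpn = *largest_pn;
+
 pnl = (clearflags & 0x03) + 1;
-pn = ngx_quic_parse_pn(&p, pnl, &mask[1], largest_pn);
+pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn);
 
 pkt->pn = pn;
 pkt->flags = clearflags;
 
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
@@ -1116,8 +1118,10 @@
 "quic reserved bit set in packet");
 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
 return NGX_ERROR;
 }
 
+*largest_pn = lpn;
+
 return NGX_OK;
 }
 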
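Review bot: `pkt->key_update`, `pkt->pn` and `pkt->flags` are still written from header bits before the packet has been accepted (the assignments just before and after the `ngx_quic_parse_pn()` call), so the stale-state concern this commit fixes for `*largest_pn` would also apply to any caller that reads those fields after `NGX_ERROR`. Whether any caller does so is not visible on this page. The new local copy also deserves a comment stating the invariant, for example `/* decode against a copy; *largest_pn is committed only after the packet decrypts and passes the reserved-bit check */` above `lpn = *largest_pn;`. The write-back sits after the last visible error return, which is the right place, but the code between the debug log call and the reserved-bit check is not shown, so it is worth confirming that no path in that range returns `NGX_OK` early. A regression test that feeds a corrupted packet followed by a valid one would pin the behaviour.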