comparison src/event/ngx_event_quic_protection.c @ 8070:b13141d6d250 quic
QUIC: do not update largest packet number from a bad packet.
The removal of QUIC packet protection depends on the largest packet number
received. When a garbage packet was received, the decoder still updated the
largest packet number from that packet. This could affect removing protection
from subsequent QUIC packets.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Tue, 01 Sep 2020 15:21:49 +0300 |
parents | 64a484fd40a9 |
children | c6b963de0c00 |
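--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -996,11 +996,11 @@
 ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
 uint64_t *largest_pn)
 {
 u_char clearflags, *p, *sample;
 uint8_t badflags;
-uint64_t pn;
+uint64_t pn, lpn;
 ngx_int_t pnl, rc, key_phase;
 ngx_str_t in, ad;
 ngx_quic_secret_t *secret;
 ngx_quic_ciphers_t ciphers;
 uint8_t mask[16], nonce[12];
@@ -1041,12 +1041,14 @@
 secret = pkt->next;
 pkt->key_update = 1;
 }
 }
 
+lpn = *largest_pn;
+
 pnl = (clearflags & 0x03) + 1;
-pn = ngx_quic_parse_pn(&p, pnl, &mask[1], largest_pn);
+pn = ngx_quic_parse_pn(&p, pnl, &mask[1], &lpn);
 
 pkt->pn = pn;
 pkt->flags = clearflags;
 
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pkt->log, 0,
@@ -1116,8 +1118,10 @@
 "quic reserved bit set in packet");
 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
 return NGX_ERROR;
 }
 
+*largest_pn = lpn;
+
 return NGX_OK;
 }
 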
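Review bot: `pkt->pn`, `pkt->flags` and `pkt->key_update` are still assigned before the packet has passed the checks that now gate `*largest_pn = lpn;`, so after an `NGX_ERROR` return they hold values taken from a packet that was rejected. The commit shields only the largest packet number; callers presumably discard `pkt` on error, but that is not visible in this view and is worth confirming. A short comment at the final assignment would keep the ordering from being undone by a later refactor, for example `/* update the largest pn only after the packet has passed all checks */`. The lines between 1054 and 1118, where payload decryption presumably takes place, are not shown here, so the error paths in that range could not be reviewed.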