comparison src/event/ngx_event_quic_protection.c @ 8646:4bf332873a83 quic
QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.
Per the latest post draft-32 specification updates on the topic:
https://github.com/quicwg/base-drafts/pull/4391
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 18 Nov 2020 20:56:11 +0000 |
parents | ae4bffb75df8 |
children | dbad2d6d1898 |
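--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -1144,18 +1144,22 @@
 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
 pkt->payload.data = pkt->plaintext + ad.len;
 
 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
 nonce, &in, &ad, pkt->log);
-
-#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
-ngx_quic_hexdump(pkt->log, "quic packet payload",
-pkt->payload.data, pkt->payload.len);
-#endif
-
 if (rc != NGX_OK) {
 return NGX_DECLINED;
+}
+
+if (pkt->payload.len == 0) {
+/*
+* An endpoint MUST treat receipt of a packet containing no
+* frames as a connection error of type PROTOCOL_VIOLATION.
+*/
+ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic zero-length packet");
+pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
+return NGX_ERROR;
 }
 
 if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) {
 /*
 * An endpoint MUST treat receipt of a packet that has
@@ -1167,10 +1171,15 @@
 "quic reserved bit set in packet");
 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
 return NGX_ERROR;
 }
 
+#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
+ngx_quic_hexdump(pkt->log, "quic packet payload",
+pkt->payload.data, pkt->payload.len);
+#endif
+
 *largest_pn = lpn;
 
 return NGX_OK;
 }
 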
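Review bot: The comment on the new `pkt->payload.len == 0` check quotes the spec but does not say that its position after `if (rc != NGX_OK)` matters. As written, a packet that fails `ngx_quic_tls_open()` returns NGX_DECLINED without setting `pkt->error`, so PROTOCOL_VIOLATION is raised only for a packet that has already passed AEAD authentication; presumably that is intentional, so that unauthenticated input cannot produce a connection error. I would extend the comment with something like `/* checked only after a successful ngx_quic_tls_open(), so unauthenticated packets cannot raise this error */`. The relocated `ngx_quic_hexdump()` block has the same ordering dependency: it no longer dumps the payload buffer of packets that failed decryption or either check. The commit message does not mention that move, so a one-line comment there would keep it from being moved back. The enclosing function starts before the first line shown here.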