comparison src/event/ngx_event_quic_protection.c @ 8646:4bf332873a83 quic

QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION. Per the latest post draft-32 specification updates on the topic: https://github.com/quicwg/base-drafts/pull/4391
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 18 Nov 2020 20:56:11 +0000
parents ae4bffb75df8
children dbad2d6d1898
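--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -1144,18 +1144,22 @@
 pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
 pkt->payload.data = pkt->plaintext + ad.len;
 
 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
 nonce, &in, &ad, pkt->log);
-
-#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
-ngx_quic_hexdump(pkt->log, "quic packet payload",
-pkt->payload.data, pkt->payload.len);
-#endif
-
 if (rc != NGX_OK) {
 return NGX_DECLINED;
+}
+
+if (pkt->payload.len == 0) {
+/*
+* An endpoint MUST treat receipt of a packet containing no
+* frames as a connection error of type PROTOCOL_VIOLATION.
+*/
+ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic zero-length packet");
+pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
+return NGX_ERROR;
 }
 
 if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) {
 /*
 * An endpoint MUST treat receipt of a packet that has
@@ -1167,10 +1171,15 @@
 "quic reserved bit set in packet");
 pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
 return NGX_ERROR;
 }
 
+#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
+ngx_quic_hexdump(pkt->log, "quic packet payload",
+pkt->payload.data, pkt->payload.len);
+#endif
+
 *largest_pn = lpn;
 
 return NGX_OK;
 }
 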
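Review bot: The zero-length check at new lines 1153-1161 raises a connection error, so it must stay below the `rc != NGX_OK` return, and nothing in the code records that ordering requirement. Assuming ngx_quic_tls_open() fails when the AEAD tag does not verify, a packet that reaches this check is authenticated, whereas a check placed above the call would let a forged datagram close the connection with PROTOCOL_VIOLATION. I would extend the new comment with `* Checked only after packet protection is removed successfully.` The length itself comes from `in.len - EVP_GCM_TLS_TAG_LEN` at line 1144, which wraps if `in.len` is smaller than the tag; the guard for that is presumably earlier in the function, whose start is outside this section.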