Mercurial > hg > nginx
diff src/event/ngx_event_quic.c @ 8251:c217a907ce42 quic
Added checks for permitted frame types.
+ cleanup in macros for packet types
+ some style fixes in quic_transport.h (case, indentation)
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Fri, 20 Mar 2020 20:03:44 +0300 |
| parents | e9891e8ee975 |
| children | c955b7eaa2d9 |
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -336,7 +336,7 @@ ngx_quic_new_connection(ngx_connection_t return NGX_ERROR; } - if ((pkt->flags & 0xf0) != NGX_QUIC_PKT_INITIAL) { + if (!ngx_quic_pkt_in(pkt->flags)) { ngx_log_error(NGX_LOG_INFO, c->log, 0, "invalid initial packet: 0x%xi", pkt->flags); return NGX_ERROR; @@ -563,20 +563,21 @@ ngx_quic_input(ngx_connection_t *c, ngx_ pkt.data = p; pkt.len = b->last - p; pkt.log = c->log; + pkt.flags = p[0]; - if (p[0] == 0) { + if (pkt.flags == 0) { /* XXX: no idea WTF is this, just ignore */ ngx_log_error(NGX_LOG_ALERT, c->log, 0, "FIREFOX: ZEROES"); break; } // TODO: check current state - if (p[0] & NGX_QUIC_PKT_LONG) { + if (ngx_quic_long_pkt(pkt.flags)) { - if ((p[0] & 0xf0) == NGX_QUIC_PKT_INITIAL) { + if (ngx_quic_pkt_in(pkt.flags)) { rc = ngx_quic_initial_input(c, &pkt); - } else if ((p[0] & 0xf0) == NGX_QUIC_PKT_HANDSHAKE) { + } else if (ngx_quic_pkt_hs(pkt.flags)) { rc = ngx_quic_handshake_input(c, &pkt); } else { @@ -665,7 +666,7 @@ ngx_quic_handshake_input(ngx_connection_ return NGX_ERROR; } - if ((pkt->flags & 0xf0) != NGX_QUIC_PKT_HANDSHAKE) { + if (!ngx_quic_pkt_hs(pkt->flags)) { ngx_log_error(NGX_LOG_INFO, c->log, 0, "invalid packet type: 0x%xi", pkt->flags); return NGX_ERROR; @@ -734,6 +735,14 @@ ngx_quic_payload_handler(ngx_connection_ while (p < end) { len = ngx_quic_parse_frame(pkt, p, end, &frame); + + if (len == NGX_DECLINED) { + /* TODO: handle protocol violation: + * such frame not allowed in this packet + */ + return NGX_ERROR; + } + if (len < 0) { return NGX_ERROR; }