Mercurial > hg > nginx

diff src/event/ngx_event_quic_transport.c @ 8387:eebdda507ec3 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added tests for connection id lengths in initial packet.
author Vladimir Homutov <vl@nginx.com>
date Thu, 14 May 2020 14:49:28 +0300
parents 81f85c479d7e
children 2d5db7faa788
line wrap: on
line diff
--- a/src/event/ngx_event_quic_transport.c
+++ b/src/event/ngx_event_quic_transport.c
@@ -283,6 +283,12 @@ ngx_quic_parse_long_header(ngx_quic_head
         return NGX_ERROR;
     }
 
+    if (idlen > NGX_QUIC_CID_LEN_MAX) {
+        ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
+                      "quic packet dcid is too long");
+        return NGX_ERROR;
+    }
+
     pkt->dcid.len = idlen;
 
     p = ngx_quic_read_bytes(p, end, idlen, &pkt->dcid.data);
@@ -299,6 +305,12 @@ ngx_quic_parse_long_header(ngx_quic_head
         return NGX_ERROR;
     }
 
+    if (idlen > NGX_QUIC_CID_LEN_MAX) {
+        ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
+                      "quic packet scid is too long");
+        return NGX_ERROR;
+    }
+
     pkt->scid.len = idlen;
 
     p = ngx_quic_read_bytes(p, end, idlen, &pkt->scid.data);