# HG changeset patch
# User Vladimir Homutov <vl@nginx.com>
# Date 1618814797 -10800
# Node ID 17492dfd4744cd52a31ac1ddb558858e17dc361f
# Parent  dcc57827098d14707c4cbd39324d598021876466
QUIC: added missing checks for limits in stream frames parsing.

diff --git a/src/event/quic/ngx_event_quic_transport.c b/src/event/quic/ngx_event_quic_transport.c
--- a/src/event/quic/ngx_event_quic_transport.c
+++ b/src/event/quic/ngx_event_quic_transport.c
@@ -1003,6 +1003,10 @@ ngx_quic_parse_frame(ngx_quic_header_t *
             goto error;
         }
 
+        if (f->u.streams_blocked.limit > 0x1000000000000000) {
+            goto error;
+        }
+
         f->u.streams_blocked.bidi =
                               (f->type == NGX_QUIC_FT_STREAMS_BLOCKED) ? 1 : 0;
         break;
@@ -1015,6 +1019,10 @@ ngx_quic_parse_frame(ngx_quic_header_t *
             goto error;
         }
 
+        if (f->u.max_streams.limit > 0x1000000000000000) {
+            goto error;
+        }
+
         f->u.max_streams.bidi = (f->type == NGX_QUIC_FT_MAX_STREAMS) ? 1 : 0;
 
         break;