Mercurial > hg > nginx
changeset 9281:081d4beeb591
QUIC: client transport parameter data length checking.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 28 May 2024 17:17:19 +0400 |
parents | da400acf3756 |
children | acb8548c00e9 |
files | src/event/quic/ngx_event_quic_transport.c |
diffstat | 1 files changed, 8 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_transport.c +++ b/src/event/quic/ngx_event_quic_transport.c @@ -1750,6 +1750,14 @@ ngx_quic_parse_transport_params(u_char * return NGX_ERROR; } + if ((size_t) (end - p) < len) { + ngx_log_error(NGX_LOG_INFO, log, 0, + "quic failed to parse" + " transport param id:0x%xL, data length %uL too long", + id, len); + return NGX_ERROR; + } + rc = ngx_quic_parse_transport_param(p, p + len, id, tp); if (rc == NGX_ERROR) {