Mercurial > hg > nginx
changeset 8758:17492dfd4744 quic
QUIC: added missing checks for limits in stream frames parsing.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Mon, 19 Apr 2021 09:46:37 +0300 |
| parents | dcc57827098d |
| children | 515ac3c8435c |
| files | src/event/quic/ngx_event_quic_transport.c |
| diffstat | 1 files changed, 8 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_transport.c +++ b/src/event/quic/ngx_event_quic_transport.c @@ -1003,6 +1003,10 @@ ngx_quic_parse_frame(ngx_quic_header_t * goto error; } + if (f->u.streams_blocked.limit > 0x1000000000000000) { + goto error; + } + f->u.streams_blocked.bidi = (f->type == NGX_QUIC_FT_STREAMS_BLOCKED) ? 1 : 0; break; @@ -1015,6 +1019,10 @@ ngx_quic_parse_frame(ngx_quic_header_t * goto error; } + if (f->u.max_streams.limit > 0x1000000000000000) { + goto error; + } + f->u.max_streams.bidi = (f->type == NGX_QUIC_FT_MAX_STREAMS) ? 1 : 0; break;