Mercurial > hg > nginx

changeset 8544:26a5bd4aff57 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: removed check for packet size beyond MAX_UDP_PAYLOAD_SIZE. The check tested the total size of a packet header and unprotected packet payload, which doesn't include the packet number length and expansion of the packet protection AEAD. If the packet was corrupted, it could cause false triggering of the condition due to unsigned type underflow leading to a connection error. Existing checks for the QUIC header and protected packet payload lengths should be enough.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 08 Sep 2020 13:35:50 +0300
parents 9aedab0f0dff
children 702f1d2581a4
files src/event/ngx_event_quic_protection.c
diffstat 1 files changed, 0 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -1089,11 +1089,6 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
 #endif
 
     pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
-
-    if (NGX_QUIC_MAX_UDP_PAYLOAD_SIZE - ad.len < pkt->payload.len) {
-        return NGX_ERROR;
-    }
-
     pkt->payload.data = pkt->plaintext + ad.len;
 
     rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,