Mercurial > hg > nginx

changeset 8543:9aedab0f0dff quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: check that the packet length is of at least sample size. From quic-tls draft, section 5.4.2: An endpoint MUST discard packets that are not long enough to contain a complete sample. The check includes the Packet Number field assumed to be 4 bytes long.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 08 Sep 2020 13:28:56 +0300
parents d3489d225f8f
children 26a5bd4aff57
files src/event/ngx_event_quic_protection.c
diffstat 1 files changed, 4 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -1019,6 +1019,10 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt,
      * AES-Based and ChaCha20-Based header protections sample 16 bytes
      */
 
+    if (pkt->len < EVP_GCM_TLS_TAG_LEN + 4) {
+        return NGX_DECLINED;
+    }
+
     sample = p + 4;
 
     /* header protection */