Mercurial > hg > nginx
changeset 8757:dcc57827098d quic
QUIC: fixed parsing of unknown frame types.
The ngx_quic_frame_allowed() function only expects known frame types.
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Mon, 19 Apr 2021 11:36:41 +0300 |
| parents | e29b7508b8b3 |
| children | 17492dfd4744 |
| files | src/event/quic/ngx_event_quic_transport.c src/event/quic/ngx_event_quic_transport.h |
| diffstat | 2 files changed, 9 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_transport.c +++ b/src/event/quic/ngx_event_quic_transport.c @@ -742,6 +742,13 @@ ngx_quic_parse_frame(ngx_quic_header_t * return NGX_ERROR; } + if (varint > NGX_QUIC_FT_LAST) { + pkt->error = NGX_QUIC_ERR_FRAME_ENCODING_ERROR; + ngx_log_error(NGX_LOG_INFO, pkt->log, 0, + "quic unknown frame type 0x%xL", varint); + return NGX_ERROR; + } + f->type = varint; if (ngx_quic_frame_allowed(pkt, f->type) != NGX_OK) {
--- a/src/event/quic/ngx_event_quic_transport.h +++ b/src/event/quic/ngx_event_quic_transport.h @@ -83,6 +83,8 @@ #define NGX_QUIC_FT_CONNECTION_CLOSE_APP 0x1D #define NGX_QUIC_FT_HANDSHAKE_DONE 0x1E +#define NGX_QUIC_FT_LAST NGX_QUIC_FT_HANDSHAKE_DONE + /* 22.4. QUIC Transport Error Codes Registry */ /* Keep in sync with ngx_quic_errors[] */ #define NGX_QUIC_ERR_NO_ERROR 0x00