Mercurial > hg > nginx

changeset 8387:eebdda507ec3 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added tests for connection id lengths in initial packet.
author Vladimir Homutov <vl@nginx.com>
date Thu, 14 May 2020 14:49:28 +0300
parents 81f85c479d7e
children a9cc1627cf1c
files src/event/ngx_event_quic.c src/event/ngx_event_quic_transport.c src/event/ngx_event_quic_transport.h
diffstat 3 files changed, 24 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -579,6 +579,14 @@ ngx_quic_new_connection(ngx_connection_t
         return NGX_ERROR;
     }
 
+    if (pkt->dcid.len < NGX_QUIC_CID_LEN_MIN) {
+        /* 7.2.  Negotiating Connection IDs */
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "quic too short dcid in initial packet: length %i",
+                      pkt->dcid.len);
+        return NGX_ERROR;
+    }
+
     c->log->action = "creating new quic connection";
 
     qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t));
--- a/src/event/ngx_event_quic_transport.c
+++ b/src/event/ngx_event_quic_transport.c
@@ -283,6 +283,12 @@ ngx_quic_parse_long_header(ngx_quic_head
         return NGX_ERROR;
     }
 
+    if (idlen > NGX_QUIC_CID_LEN_MAX) {
+        ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
+                      "quic packet dcid is too long");
+        return NGX_ERROR;
+    }
+
     pkt->dcid.len = idlen;
 
     p = ngx_quic_read_bytes(p, end, idlen, &pkt->dcid.data);
@@ -299,6 +305,12 @@ ngx_quic_parse_long_header(ngx_quic_head
         return NGX_ERROR;
     }
 
+    if (idlen > NGX_QUIC_CID_LEN_MAX) {
+        ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
+                      "quic packet scid is too long");
+        return NGX_ERROR;
+    }
+
     pkt->scid.len = idlen;
 
     p = ngx_quic_read_bytes(p, end, idlen, &pkt->scid.data);
--- a/src/event/ngx_event_quic_transport.h
+++ b/src/event/ngx_event_quic_transport.h
@@ -112,6 +112,9 @@
 #define NGX_QUIC_TP_PREFERRED_ADDRESS                    0x0D
 #define NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT           0x0E
 
+#define NGX_QUIC_CID_LEN_MIN                                8
+#define NGX_QUIC_CID_LEN_MAX                               20
+
 
 typedef struct {
     uint64_t                                    largest;
@@ -130,7 +133,7 @@ typedef struct {
     uint64_t                                    seqnum;
     uint64_t                                    retire;
     uint8_t                                     len;
-    u_char                                      cid[20];
+    u_char                                      cid[NGX_QUIC_CID_LEN_MAX];
     u_char                                      srt[16];
 } ngx_quic_new_conn_id_frame_t;