IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

QUIC: removed check for packet size beyond MAX_UDP_PAYLOAD_SIZE.

Browse Source 
The check tested the total size of a packet header and unprotected packet
payload, which doesn't include the packet number length and expansion of
the packet protection AEAD.  If the packet was corrupted, it could cause
false triggering of the condition due to unsigned type underflow leading
to a connection error.

Existing checks for the QUIC header and protected packet payload lengths
should be enough.
This commit is contained in:
Sergey Kandaurov 2020-09-08 13:35:50 +03:00
parent d8360f912a
commit 786a74e34e
1 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/event/ngx_event_quic_protection.c
View File

@ -1089,11 +1089,6 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
#endif
pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
if (NGX_QUIC_MAX_UDP_PAYLOAD_SIZE - ad.len < pkt->payload.len) {
return NGX_ERROR;
}
pkt->payload.data = pkt->plaintext + ad.len;
rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,