IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

QUIC: ignore version negotiation packets.

Browse Source 
Previously, such packets were treated as long header packets with unknown
version 0, and a version negotiation packet was sent in response.  This
could be used to set up an infinite traffic reflect loop with another nginx
instance.

Now version negotiation packets are ignored.  As per RFC 9000, Section 6.1:

  An endpoint MUST NOT send a Version Negotiation packet in response to
  receiving a Version Negotiation packet.
This commit is contained in:
Roman Arutyunyan 2024-12-13 13:25:26 +04:00 committed by Roman Arutyunyan
parent c73fb273ac
commit a52ba8ba0e
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/event/quic/ngx_event_quic_transport.c
View File

@ -295,6 +295,11 @@ ngx_quic_parse_packet(ngx_quic_header_t *pkt)
return NGX_ERROR; return NGX_ERROR;
} }
if (pkt->version == 0) {
/* version negotiation */
return NGX_ERROR;
}
if (!ngx_quic_supported_version(pkt->version)) { if (!ngx_quic_supported_version(pkt->version)) {
return NGX_ABORT; return NGX_ABORT;
} }