IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

QUIC: check that the packet length is of at least sample size.

Browse Source 
From quic-tls draft, section 5.4.2:
   An endpoint MUST discard packets that are not long enough to contain
   a complete sample.

The check includes the Packet Number field assumed to be 4 bytes long.
This commit is contained in:
Sergey Kandaurov 2020-09-08 13:28:56 +03:00
parent 952c6f1989
commit d8360f912a
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/event/ngx_event_quic_protection.c
View File

@ -1019,6 +1019,10 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
* AES-Based and ChaCha20-Based header protections sample 16 bytes
*/
if (pkt->len < EVP_GCM_TLS_TAG_LEN + 4) {
return NGX_DECLINED;
}
sample = p + 4;
/* header protection */