IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

QUIC: ignore version negotiation packets.

Browse Source 
Previously, such packets were treated as long header packets with unknown
version 0, and a version negotiation packet was sent in response.  This
could be used to set up an infinite traffic reflect loop with another nginx
instance.

Now version negotiation packets are ignored.  As per RFC 9000, Section 6.1:

  An endpoint MUST NOT send a Version Negotiation packet in response to
  receiving a Version Negotiation packet.
This commit is contained in:
Roman Arutyunyan 2024-12-13 13:25:26 +04:00 committed by Sergey Kandaurov
parent 6e8ccee062
commit e057068b35
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/event/quic/ngx_event_quic_transport.c
View File

@ -295,6 +295,11 @@ ngx_quic_parse_packet(ngx_quic_header_t *pkt)
return NGX_ERROR;
}
if (pkt->version == 0) {
/* version negotiation */
return NGX_ERROR;
}
if (!ngx_quic_supported_version(pkt->version)) {
return NGX_ABORT;
}