QUIC: ignore CRYPTO frames after handshake completion.

Sending handshake-level CRYPTO frames after the client's Finished message could lead to memory disclosure and a potential segfault, if those frames are sent in one packet with the Finished frame.
author: Roman Arutyunyan <arut@nginx.com> 2024-05-28 17:19:08 +0400
committer: Roman Arutyunyan <arut@nginx.com> 2024-05-28 17:19:08 +0400
commit: 376f12e40adc83859a4ddea21d27d7c053ce02f8 (patch)
tree: 30792f82651fc0c4951e4638360c89bdc273c6b7
parent: 3f2d8cb8f92d3c3468478651b58607f1576a12ac (diff)
download: nginx-376f12e40adc83859a4ddea21d27d7c053ce02f8.tar.gz
nginx-376f12e40adc83859a4ddea21d27d7c053ce02f8.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
index 7872783f8..ba0b5929f 100644
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -326,6 +326,11 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
     ngx_quic_crypto_frame_t  *f;
 
     qc = ngx_quic_get_connection(c);
+
+    if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) {
+        return NGX_OK;
+    }
+
     ctx = ngx_quic_get_send_ctx(qc, pkt->level);
     f = &frame->u.crypto;
author	Roman Arutyunyan <arut@nginx.com>	2024-05-28 17:19:08 +0400
committer	Roman Arutyunyan <arut@nginx.com>	2024-05-28 17:19:08 +0400
commit	376f12e40adc83859a4ddea21d27d7c053ce02f8 (patch)
tree	30792f82651fc0c4951e4638360c89bdc273c6b7
parent	3f2d8cb8f92d3c3468478651b58607f1576a12ac (diff)
download	nginx-376f12e40adc83859a4ddea21d27d7c053ce02f8.tar.gz nginx-376f12e40adc83859a4ddea21d27d7c053ce02f8.zip