authorMartin Duke <m.duke@f5.com>2021-10-12 11:56:49 +0300
committerMartin Duke <m.duke@f5.com>2021-10-12 11:56:49 +0300
commit5e37df0bf413bf34407ff4b399b58dc006e24b71 (patch)
tree5dbe864287da1b39f778dc4d859e904a696b8697 /src
parent010f974e44082625056f4282ab66696f3708d4cf (diff)
QUIC: Check if CID has been used in stateless reset check
Section 10.3.1 of RFC9000 requires this check.
Diffstat (limited to 'src')
-rw-r--r--src/event/quic/ngx_event_quic.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
index 478fc8461..1217d0230 100644
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -370,8 +370,11 @@ ngx_quic_process_stateless_reset(ngx_connection_t *c, ngx_quic_header_t *pkt)
{
cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);
- if (cid->seqnum == 0) {
- /* no stateless reset token in initial connection id */
+ if (cid->seqnum == 0 || cid->refcnt == 0) {
+ /*
+ * No stateless reset token in initial connection id.
+ * Don't accept a token from an unused connection id.
+ */
continue;
}
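Review bot: `cid->refcnt == 0` in the new condition tests whether the connection id is referenced right now, which matches "unused" in the comment only if refcnt cannot fall back to zero while the id is still in this queue; refcnt is maintained outside the hunk, so that is worth confirming. If an id can be released and stay queued, a stateless reset answering datagrams recently sent with it would be ignored, which fails safe (the connection lingers until it times out) but should be stated, e.g. `Don't accept a token from a connection id that is not currently in use (RFC 9000, 10.3.1).` The same RFC section also requires the token comparison not to leak information about the token through timing; that comparison presumably follows this guard outside the hunk and should be checked against the requirement. The enclosing loop starts and ends outside the hunk.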