]> git.kaiwu.me - nginx.git/commitdiff
QUIC: fixed parsing of unknown frame types.
authorVladimir Homutov <vl@nginx.com>
Mon, 19 Apr 2021 08:36:41 +0000 (11:36 +0300)
committerVladimir Homutov <vl@nginx.com>
Mon, 19 Apr 2021 08:36:41 +0000 (11:36 +0300)
The ngx_quic_frame_allowed() function only expects known frame types.

src/event/quic/ngx_event_quic_transport.c
src/event/quic/ngx_event_quic_transport.h

index 2c952177cc4b9c35a53f65550fe821842bb54cf9..ad4758c60455ddd8cf3843b86744fda47cc86271 100644 (file)
@@ -742,6 +742,13 @@ ngx_quic_parse_frame(ngx_quic_header_t *pkt, u_char *start, u_char *end,
         return NGX_ERROR;
     }
 
+    if (varint > NGX_QUIC_FT_LAST) {
+        pkt->error = NGX_QUIC_ERR_FRAME_ENCODING_ERROR;
+        ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
+                      "quic unknown frame type 0x%xL", varint);
+        return NGX_ERROR;
+    }
+
     f->type = varint;
 
     if (ngx_quic_frame_allowed(pkt, f->type) != NGX_OK) {
index 2cda8088fabf498a0c14545d732a1ead00c2cfdc..9fb6217216f5b30ba166069a0c5a0f028a532744 100644 (file)
@@ -83,6 +83,8 @@
 #define NGX_QUIC_FT_CONNECTION_CLOSE_APP                 0x1D
 #define NGX_QUIC_FT_HANDSHAKE_DONE                       0x1E
 
+#define NGX_QUIC_FT_LAST  NGX_QUIC_FT_HANDSHAKE_DONE
+
 /* 22.4.  QUIC Transport Error Codes Registry */
 /* Keep in sync with ngx_quic_errors[] */
 #define NGX_QUIC_ERR_NO_ERROR                            0x00