]> git.kaiwu.me - nginx.git/commitdiff
QUIC: added missing checks for limits in stream frames parsing.
authorVladimir Homutov <vl@nginx.com>
Mon, 19 Apr 2021 06:46:37 +0000 (09:46 +0300)
committerVladimir Homutov <vl@nginx.com>
Mon, 19 Apr 2021 06:46:37 +0000 (09:46 +0300)
src/event/quic/ngx_event_quic_transport.c

index ad4758c60455ddd8cf3843b86744fda47cc86271..0d84546ebc71c297474f3fb5961a7a027528f478 100644 (file)
@@ -1003,6 +1003,10 @@ ngx_quic_parse_frame(ngx_quic_header_t *pkt, u_char *start, u_char *end,
             goto error;
         }
 
+        if (f->u.streams_blocked.limit > 0x1000000000000000) {
+            goto error;
+        }
+
         f->u.streams_blocked.bidi =
                               (f->type == NGX_QUIC_FT_STREAMS_BLOCKED) ? 1 : 0;
         break;
@@ -1015,6 +1019,10 @@ ngx_quic_parse_frame(ngx_quic_header_t *pkt, u_char *start, u_char *end,
             goto error;
         }
 
+        if (f->u.max_streams.limit > 0x1000000000000000) {
+            goto error;
+        }
+
         f->u.max_streams.bidi = (f->type == NGX_QUIC_FT_MAX_STREAMS) ? 1 : 0;
 
         break;