From: Vladimir Homutov Date: Mon, 19 Apr 2021 06:46:37 +0000 (+0300) Subject: QUIC: added missing checks for limits in stream frames parsing. X-Git-Url: http://git.kaiwu.me/postgresql/log/contrib/postgres_fdw/postgres_fdw.c?a=commitdiff_plain;h=f184bc0a0af74ec160399451a655eac9fb71c490;p=nginx.git QUIC: added missing checks for limits in stream frames parsing. --- diff --git a/src/event/quic/ngx_event_quic_transport.c b/src/event/quic/ngx_event_quic_transport.c index ad4758c60..0d84546eb 100644 --- a/src/event/quic/ngx_event_quic_transport.c +++ b/src/event/quic/ngx_event_quic_transport.c @@ -1003,6 +1003,10 @@ ngx_quic_parse_frame(ngx_quic_header_t *pkt, u_char *start, u_char *end, goto error; } + if (f->u.streams_blocked.limit > 0x1000000000000000) { + goto error; + } + f->u.streams_blocked.bidi = (f->type == NGX_QUIC_FT_STREAMS_BLOCKED) ? 1 : 0; break; @@ -1015,6 +1019,10 @@ ngx_quic_parse_frame(ngx_quic_header_t *pkt, u_char *start, u_char *end, goto error; } + if (f->u.max_streams.limit > 0x1000000000000000) { + goto error; + } + f->u.max_streams.bidi = (f->type == NGX_QUIC_FT_MAX_STREAMS) ? 1 : 0; break;