]> git.kaiwu.me - nginx.git/commitdiff
Added tests for connection id lengths in initial packet.
authorVladimir Homutov <vl@nginx.com>
Thu, 14 May 2020 11:49:28 +0000 (14:49 +0300)
committerVladimir Homutov <vl@nginx.com>
Thu, 14 May 2020 11:49:28 +0000 (14:49 +0300)
src/event/ngx_event_quic.c
src/event/ngx_event_quic_transport.c
src/event/ngx_event_quic_transport.h

index 26e307bbee294d2131e8417e11f87b4406f8e332..2ebb72f245572881f5df2de1055fd1acc741fe96 100644 (file)
@@ -579,6 +579,14 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp,
         return NGX_ERROR;
     }
 
+    if (pkt->dcid.len < NGX_QUIC_CID_LEN_MIN) {
+        /* 7.2.  Negotiating Connection IDs */
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "quic too short dcid in initial packet: length %i",
+                      pkt->dcid.len);
+        return NGX_ERROR;
+    }
+
     c->log->action = "creating new quic connection";
 
     qc = ngx_pcalloc(c->pool, sizeof(ngx_quic_connection_t));
index 1732f8b0ff0f2d4e06f3c8f889d04f5d558ff740..5d0182032efebe64d06689d51dd633621d5162d4 100644 (file)
@@ -283,6 +283,12 @@ ngx_quic_parse_long_header(ngx_quic_header_t *pkt)
         return NGX_ERROR;
     }
 
+    if (idlen > NGX_QUIC_CID_LEN_MAX) {
+        ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
+                      "quic packet dcid is too long");
+        return NGX_ERROR;
+    }
+
     pkt->dcid.len = idlen;
 
     p = ngx_quic_read_bytes(p, end, idlen, &pkt->dcid.data);
@@ -299,6 +305,12 @@ ngx_quic_parse_long_header(ngx_quic_header_t *pkt)
         return NGX_ERROR;
     }
 
+    if (idlen > NGX_QUIC_CID_LEN_MAX) {
+        ngx_log_error(NGX_LOG_INFO, pkt->log, 0,
+                      "quic packet scid is too long");
+        return NGX_ERROR;
+    }
+
     pkt->scid.len = idlen;
 
     p = ngx_quic_read_bytes(p, end, idlen, &pkt->scid.data);
index c3b2bbf01f56af434bb783e564a95cb0b823617e..35db6ccf3056bc2da4138a28ec7327106091edfe 100644 (file)
 #define NGX_QUIC_TP_PREFERRED_ADDRESS                    0x0D
 #define NGX_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT           0x0E
 
+#define NGX_QUIC_CID_LEN_MIN                                8
+#define NGX_QUIC_CID_LEN_MAX                               20
+
 
 typedef struct {
     uint64_t                                    largest;
@@ -130,7 +133,7 @@ typedef struct {
     uint64_t                                    seqnum;
     uint64_t                                    retire;
     uint8_t                                     len;
-    u_char                                      cid[20];
+    u_char                                      cid[NGX_QUIC_CID_LEN_MAX];
     u_char                                      srt[16];
 } ngx_quic_new_conn_id_frame_t;