]> git.kaiwu.me - nginx.git/commitdiff
QUIC: fixed using of retired connection id (ticket #2289).
authorVladimir Homutov <vl@nginx.com>
Thu, 2 Dec 2021 11:09:52 +0000 (14:09 +0300)
committerVladimir Homutov <vl@nginx.com>
Thu, 2 Dec 2021 11:09:52 +0000 (14:09 +0300)
RFC 9000 19.16
 The sequence number specified in a RETIRE_CONNECTION_ID frame MUST NOT
 refer to the Destination Connection ID field of the packet in which the
 frame is contained.

Before the patch, the RETIRE_CONNECTION_ID frame was sent before switching
to the new client id.  If retired client id was currently in use, this lead
to violation of the spec.

src/event/quic/ngx_event_quic_connid.c

index 503a71b4eb9d935fb48bd1e24488b20ffdbb07f8..d87948021638c67121f34f6d0bb1b321e3e2869c 100644 (file)
@@ -77,6 +77,7 @@ ngx_int_t
 ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
     ngx_quic_new_conn_id_frame_t *f)
 {
+    uint64_t                seq;
     ngx_str_t               id;
     ngx_queue_t            *q;
     ngx_quic_client_id_t   *cid, *item;
@@ -173,10 +174,7 @@ retire:
         }
 
         /* this connection id must be retired */
-
-        if (ngx_quic_send_retire_connection_id(c, cid->seqnum) != NGX_OK) {
-            return NGX_ERROR;
-        }
+        seq = cid->seqnum;
 
         if (cid->refcnt) {
             /* we are going to retire client id which is in use */
@@ -187,6 +185,10 @@ retire:
         } else {
             ngx_quic_unref_client_id(c, cid);
         }
+
+        if (ngx_quic_send_retire_connection_id(c, seq) != NGX_OK) {
+            return NGX_ERROR;
+        }
     }
 
 done: