]> git.kaiwu.me - nginx.git/commitdiff
Discard short packets which could not be decrypted.
authorSergey Kandaurov <pluknet@nginx.com>
Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)
So that connections are protected from failing from on-path attacks.
Decryption failure of long packets used during handshake still leads
to connection close since it barely makes sense to handle them there.

src/event/ngx_event_quic.c
src/event/ngx_event_quic_protection.c

index 1a2fdf2d5410ab3a6b9f9e4855d332c53419244d..29bce24de0bc584ce831ac96ab5d6fba12861914 100644 (file)
@@ -1830,9 +1830,11 @@ ngx_quic_app_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
 
     ctx = ngx_quic_get_send_ctx(qc, pkt->level);
 
-    if (ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn) != NGX_OK) {
+    rc = ngx_quic_decrypt(pkt, c->ssl->connection, &ctx->largest_pn);
+
+    if (rc != NGX_OK) {
         qc->error = pkt->error;
-        return NGX_ERROR;
+        return rc;
     }
 
     /* switch keys on Key Phase change */
index 8afa9e842f4233652af29f032d2e71dfff080edf..2d49106f3954bfe880455af31c024db03b0ec2ef 100644 (file)
@@ -1051,7 +1051,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
         != NGX_OK)
     {
         pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
-        return NGX_ERROR;
+        return NGX_DECLINED;
     }
 
     if (ngx_quic_long_pkt(pkt->flags)) {
@@ -1131,7 +1131,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
 
     if (rc != NGX_OK) {
         pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
-        return rc;
+        return NGX_DECLINED;
     }
 
     if (badflags) {