Re: [PATCH 1 of 5] QUIC: avoid accessing freed frame

Sergey Kandaurov
August 12, 2023 09:28AM
> On 1 Aug 2023, at 11:45, Roman Arutyunyan <arut@nginx.com> wrote:
>
> # HG changeset patch
> # User Roman Arutyunyan <arut@nginx.com>
> # Date 1690874404 -14400
> # Tue Aug 01 11:20:04 2023 +0400
> # Node ID 5b91a40f2dd249000e9208a0152dc5cc0c6ea0c4
> # Parent 4f078be6e2ed08643371a3956f5f18f2357a38db
> QUIC: avoid accessing freed frame.
>
> Previously the field pnum of a potentially freed frame was accessed. Now the
> value is copied to a local variable. The old behavior did not cause any
> problems since the frame memory is not freed, but is moved to a free queue
> instead.
>
> diff --git a/src/event/quic/ngx_event_quic_ack.c b/src/event/quic/ngx_event_quic_ack.c
> --- a/src/event/quic/ngx_event_quic_ack.c
> +++ b/src/event/quic/ngx_event_quic_ack.c
> @@ -548,6 +548,7 @@ ngx_quic_persistent_congestion(ngx_conne
> void
> ngx_quic_resend_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
> {
> + uint64_t pnum;
> ngx_queue_t *q;
> ngx_quic_frame_t *f, *start;
> ngx_quic_stream_t *qs;
> @@ -556,6 +557,7 @@ ngx_quic_resend_frames(ngx_connection_t
> qc = ngx_quic_get_connection(c);
> q = ngx_queue_head(&ctx->sent);
> start = ngx_queue_data(q, ngx_quic_frame_t, queue);
> + pnum = start->pnum;
>
> ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
> "quic resend packet pnum:%uL", start->pnum);
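
Review bot: the `ngx_log_debug1` call right after the new assignment still passes `start->pnum`. That read happens before the loop, so `start` is still valid there, but passing the local `pnum` would keep every use after the copy consistent. A one-line comment on `pnum = start->pnum;` saying that `start` may be released while the loop runs would also stop the copy from being removed later as redundant.
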
> @@ -565,7 +567,7 @@ ngx_quic_resend_frames(ngx_connection_t
> do {
> f = ngx_queue_data(q, ngx_quic_frame_t, queue);
>
> - if (f->pnum != start->pnum) {
> + if (f->pnum != pnum) {
> break;
> }
>
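
Review bot: at `if (f->pnum != pnum)` the comparison no longer depends on `start`, but `f` is still taken from `q` and dereferenced at the top of every iteration, and the rest of the loop body is outside this hunk. Worth confirming that `q` is advanced to the next queue element before the current frame is released, so that each `f->pnum` read is on a frame that is still in the `sent` queue.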

Looks good.

--
Sergey Kandaurov