Welcome! Log In Create A New Profile

Advanced

[nginx] QUIC: client transport parameter data length checking.

Sergey Kandaurov
May 29, 2024 10:58AM
details: https://hg.nginx.org/nginx/rev/371b6a7d0673
branches:
changeset: 9250:371b6a7d0673
user: Sergey Kandaurov <pluknet@nginx.com>
date: Tue May 28 17:17:19 2024 +0400
description:
QUIC: client transport parameter data length checking.

diffstat:

src/event/quic/ngx_event_quic_transport.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)

diffs (18 lines):

diff -r 2e9588d65dd9 -r 371b6a7d0673 src/event/quic/ngx_event_quic_transport.c
--- a/src/event/quic/ngx_event_quic_transport.c Sat Nov 25 21:57:09 2023 +0000
+++ b/src/event/quic/ngx_event_quic_transport.c Tue May 28 17:17:19 2024 +0400
@@ -1750,6 +1750,14 @@ ngx_quic_parse_transport_params(u_char *
return NGX_ERROR;
}

+ if ((size_t) (end - p) < len) {
+ ngx_log_error(NGX_LOG_INFO, log, 0,
+ "quic failed to parse"
+ " transport param id:0x%xL, data length %uL too long",
+ id, len);
+ return NGX_ERROR;
+ }
+
rc = ngx_quic_parse_transport_param(p, p + len, id, tp);

if (rc == NGX_ERROR) {
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] QUIC: client transport parameter data length checking.

Sergey Kandaurov 198 May 29, 2024 10:58AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 109
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready