[nginx] QUIC: ignore CRYPTO frames after handshake completion.
Sergey Kandaurov
pluknet at nginx.com
Wed May 29 14:57:51 UTC 2024
details: https://hg.nginx.org/nginx/rev/cf66916bc6a3
branches:
changeset: 9253:cf66916bc6a3
user: Roman Arutyunyan <arut at nginx.com>
date: Tue May 28 17:19:08 2024 +0400
description:
QUIC: ignore CRYPTO frames after handshake completion.
Sending handshake-level CRYPTO frames after the client's Finished message could
lead to memory disclosure and a potential segfault, if those frames are sent in
one packet with the Finished frame.
diffstat:
src/event/quic/ngx_event_quic_ssl.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diffs (15 lines):
diff -r a0cbbdeebccd -r cf66916bc6a3 src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c Tue May 28 17:18:50 2024 +0400
+++ b/src/event/quic/ngx_event_quic_ssl.c Tue May 28 17:19:08 2024 +0400
@@ -326,6 +326,11 @@ ngx_quic_handle_crypto_frame(ngx_connect
ngx_quic_crypto_frame_t *f;
qc = ngx_quic_get_connection(c);
+
+ if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) {
+ return NGX_OK;
+ }
+
ctx = ngx_quic_get_send_ctx(qc, pkt->level);
f = &frame->u.crypto;
More information about the nginx-devel
mailing list