details: http://freenginx.org/hg/nginx/rev/bbdcab20d67e
branches:
changeset: 9283:bbdcab20d67e
user: Roman Arutyunyan <a...@nginx.com>
date: Tue May 28 17:19:08 2024 +0400
description:
QUIC: ignore CRYPTO frames after handshake completion.
Sending handshake-level CRYPTO frames after the client's Finished message could
lead to memory disclosure and a potential segfault, if those frames are sent in
one packet with the Finished frame.
diffstat:
src/event/quic/ngx_event_quic_ssl.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diffs (15 lines):
diff --git a/src/event/quic/ngx_event_quic_ssl.c
b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -326,6 +326,11 @@ ngx_quic_handle_crypto_frame(ngx_connect
ngx_quic_crypto_frame_t *f;
qc = ngx_quic_get_connection(c);
+
+ if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) {
+ return NGX_OK;
+ }
+
ctx = ngx_quic_get_send_ctx(qc, pkt->level);
f = &frame->u.crypto;
