[nginx] QUIC: client transport parameter data length checking.

Sergey Kandaurov Wed, 29 May 2024 08:01:48 -0700

details:   https://hg.nginx.org/nginx/rev/04bc350b2919
branches:  stable-1.26
changeset: 9261:04bc350b2919
user:      Sergey Kandaurov <pluk...@nginx.com>
date:      Tue May 28 17:17:19 2024 +0400
description:
QUIC: client transport parameter data length checking.


diffstat:

 src/event/quic/ngx_event_quic_transport.c |  8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diffs (18 lines):

diff -r b317a71f75ae -r 04bc350b2919 src/event/quic/ngx_event_quic_transport.c
--- a/src/event/quic/ngx_event_quic_transport.c Thu May 23 19:15:38 2024 +0400
+++ b/src/event/quic/ngx_event_quic_transport.c Tue May 28 17:17:19 2024 +0400
@@ -1750,6 +1750,14 @@ ngx_quic_parse_transport_params(u_char *
             return NGX_ERROR;
         }
 
+        if ((size_t) (end - p) < len) {
+            ngx_log_error(NGX_LOG_INFO, log, 0,
+                          "quic failed to parse"
+                          " transport param id:0x%xL, data length %uL too 
long",
+                          id, len);
+            return NGX_ERROR;
+        }
+
         rc = ngx_quic_parse_transport_param(p, p + len, id, tp);
 
         if (rc == NGX_ERROR) {
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel

[nginx] QUIC: client transport parameter data length checking.

Reply via email to