author | Sergey Kandaurov <pluknet@nginx.com> | 2020-04-06 14:54:10 +0300 |
---|---|---|
committer | Sergey Kandaurov <pluknet@nginx.com> | 2020-04-06 14:54:10 +0300 |
commit | 3f3315aea64c1f5968fce127b6ee8cadc783d6d3 (patch) | |
tree | 2a37ed81fc76e28e4182562406d2f72681ff06f1 /src | |
parent | cc704a8c319130687285a49c53f263a1fe880943 (diff) | |
Discarding Handshake packets if no Handshake keys yet.
Found with a previously received Initial packet with ACK only, which
instantiates a new connection but does not produce the handshake keys.
This can be triggered by a fairly well behaving client, if the server
stands behind a load balancer that stripped the Initial packet exchange.
Found by F5 test suite.
Diffstat (limited to 'src')
-rw-r--r-- | src/event/ngx_event_quic.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index b96af808d..ab0cf2cd7 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -870,6 +870,14 @@ ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
 qc = c->quic;
+ keys = &c->quic->keys[ssl_encryption_handshake];
+
+ if (keys->client.key.len == 0) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "no read keys yet, packet ignored");
+ return NGX_DECLINED;
+ }
+
 /* extract cleartext data into pkt */
 if (ngx_quic_parse_long_header(pkt) != NGX_OK) {
 return NGX_ERROR;
@@ -905,8 +913,6 @@ ngx_quic_handshake_input(ngx_connection_t *c, ngx_quic_header_t *pkt)
 return NGX_ERROR;
 }
- keys = &c->quic->keys[ssl_encryption_handshake];
-
 pkt->secret = &keys->client;
 pkt->level = ssl_encryption_handshake;
 pkt->plaintext = buf;
|
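Review bot: The new early return in `ngx_quic_handshake_input()` adds `NGX_DECLINED` as a result alongside the `NGX_ERROR` returns visible in both hunks, and the diff does not show how the caller treats it; the function's body starts and ends outside the hunks. Because the check runs before the packet is parsed or authenticated, the call site should drop the datagram and keep the connection. If it treats every non-`NGX_OK` value as fatal, a single unauthenticated Handshake packet could close a connection that is still waiting for its keys, so that is worth confirming. A short comment above the check would record the reason, for example `/* an Initial carrying only ACK creates the connection without Handshake keys; drop the packet, this is not an error */`. As a style point, `qc` is assigned on the line just above, so `keys = &qc->keys[ssl_encryption_handshake];` would read more consistently.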