diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2024-12-13 13:25:26 +0400 |
|---|---|---|
| committer | Roman Arutyunyan <arutyunyan.roman@gmail.com> | 2024-12-26 18:58:05 +0400 |
| commit | a52ba8ba0e349585e49073c168e423c12abcf597 (patch) | |
| tree | 9e13779d9b30315622808517b50a87a4721f9715 /src | |
| parent | c73fb273acc31bff7c4e469efda5f3fd66c48557 (diff) | |
| download | nginx-a52ba8ba0e349585e49073c168e423c12abcf597.tar.gz nginx-a52ba8ba0e349585e49073c168e423c12abcf597.zip | |
QUIC: ignore version negotiation packets.
Previously, such packets were treated as long header packets with unknown
version 0, and a version negotiation packet was sent in response. This
could be used to set up an infinite traffic reflect loop with another nginx
instance.
Now version negotiation packets are ignored. As per RFC 9000, Section 6.1:
An endpoint MUST NOT send a Version Negotiation packet in response to
receiving a Version Negotiation packet.
Diffstat (limited to 'src')
| -rw-r--r-- | src/event/quic/ngx_event_quic_transport.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/event/quic/ngx_event_quic_transport.c b/src/event/quic/ngx_event_quic_transport.c index fba098caa..bb13447b5 100644 --- a/src/event/quic/ngx_event_quic_transport.c +++ b/src/event/quic/ngx_event_quic_transport.c @@ -295,6 +295,11 @@ ngx_quic_parse_packet(ngx_quic_header_t *pkt) return NGX_ERROR; } + if (pkt->version == 0) { + /* version negotiation */ + return NGX_ERROR; + } + if (!ngx_quic_supported_version(pkt->version)) { return NGX_ABORT; } |