aboutsummaryrefslogtreecommitdiff
path: root/src/http/ngx_http_request.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/http/ngx_http_request.c')
-rw-r--r--src/http/ngx_http_request.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 17ad78986..fd30bf3d9 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1324,6 +1324,26 @@ ngx_http_quic_handshake(ngx_event_t *rev)
}
#endif
+ if (cleartext[0] != 0x06) {
+ ngx_log_error(NGX_LOG_INFO, rev->log, 0,
+ "unexpected frame in initial packet");
+ ngx_http_close_connection(c);
+ return;
+ }
+
+ if (cleartext[1] != 0x00) {
+ ngx_log_error(NGX_LOG_INFO, rev->log, 0,
+ "unexpected CRYPTO offset in initial packet");
+ ngx_http_close_connection(c);
+ return;
+ }
+
+ uint8_t *crypto = &cleartext[2];
+ uint64_t crypto_len = ngx_quic_parse_int(&crypto);
+
+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, rev->log, 0,
+ "quic initial packet CRYPTO length: %uL pp:%p:%p", crypto_len, cleartext, crypto);
+
sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER)
@@ -1351,7 +1371,7 @@ ngx_http_quic_handshake(ngx_event_t *rev)
if (!SSL_provide_quic_data(c->ssl->connection,
SSL_quic_read_level(c->ssl->connection),
- &cleartext[4], cleartext_len - 4))
+ crypto, crypto_len))
{
ngx_ssl_error(NGX_LOG_INFO, rev->log, 0,
"SSL_provide_quic_data() failed");
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-22 17:03:00 +0000