aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_quic_protection.c21
1 files changed, 15 insertions, 6 deletions
diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c
index 64922b57f..5637fcec5 100644
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -1146,16 +1146,20 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
nonce, &in, &ad, pkt->log);
-
-#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
- ngx_quic_hexdump(pkt->log, "quic packet payload",
- pkt->payload.data, pkt->payload.len);
-#endif
-
if (rc != NGX_OK) {
return NGX_DECLINED;
}
+ if (pkt->payload.len == 0) {
+ /*
+ * An endpoint MUST treat receipt of a packet containing no
+ * frames as a connection error of type PROTOCOL_VIOLATION.
+ */
+ ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic zero-length packet");
+ pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
+ return NGX_ERROR;
+ }
+
if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) {
/*
* An endpoint MUST treat receipt of a packet that has
@@ -1169,6 +1173,11 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
return NGX_ERROR;
}
+#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
+ ngx_quic_hexdump(pkt->log, "quic packet payload",
+ pkt->payload.data, pkt->payload.len);
+#endif
+
*largest_pn = lpn;
return NGX_OK;
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 16:25:56 +0000