From 219053e3e3bd18ecb195815df0023da40dbdff9d Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov
Date: Wed, 18 Nov 2020 20:56:11 +0000
Subject: [PATCH] QUIC: rejecting zero-length packets with PROTOCOL_VIOLATION.

Per the latest post draft-32 specification updates on the topic: https://github.com/quicwg/base-drafts/pull/4391
---
 src/event/ngx_event_quic_protection.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c
index 64922b57f..5637fcec5 100644
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -1146,16 +1146,20 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
 rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload, nonce, &in, &ad, pkt->log);
-
-#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
- ngx_quic_hexdump(pkt->log, "quic packet payload",
- pkt->payload.data, pkt->payload.len);
-#endif
-
 if (rc != NGX_OK) {
 return NGX_DECLINED;
 }
+ if (pkt->payload.len == 0) {
+ /*
+ * An endpoint MUST treat receipt of a packet containing no
+ * frames as a connection error of type PROTOCOL_VIOLATION.
+ */
+ ngx_log_error(NGX_LOG_INFO, pkt->log, 0, "quic zero-length packet");
+ pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
+ return NGX_ERROR;
+ }
+
 if (pkt->flags & ngx_quic_pkt_rb_mask(pkt->flags)) {
 /*
 * An endpoint MUST treat receipt of a packet that has
@@ -1169,6 +1173,11 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, uint64_t *largest_pn)
 return NGX_ERROR;
 }
+#if defined(NGX_QUIC_DEBUG_CRYPTO) && defined(NGX_QUIC_DEBUG_PACKETS)
+ ngx_quic_hexdump(pkt->log, "quic packet payload",
+ pkt->payload.data, pkt->payload.len);
+#endif
+
 *largest_pn = lpn;
 return NGX_OK;
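Review bot: Nothing in the first hunk (`@@ -1146,16 +1146,20 @@`) records that the new `pkt->payload.len == 0` check depends on sitting after the `rc != NGX_OK` return: it raises a connection error, so it should only ever see a payload that `ngx_quic_tls_open()` has accepted, while a packet that fails to open is dropped with `NGX_DECLINED`. I would extend the new comment with a line such as `* Checked only after successful decryption; packets that fail to open are discarded, never escalated.` so a later reordering does not turn unauthenticated input into a PROTOCOL_VIOLATION close. The comment could also name the source the commit message cites (quicwg/base-drafts pull 4391) instead of quoting the MUST without a reference. `ngx_quic_decrypt()` starts above and continues below this hunk, so how `pkt->error` is consumed is not visible here.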
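Review bot: Moving the `ngx_quic_hexdump()` block into the second hunk (`@@ -1169,6 +1173,11 @@`) puts it after both `NGX_ERROR` returns, so in a build with `NGX_QUIC_DEBUG_CRYPTO` and `NGX_QUIC_DEBUG_PACKETS` the payload of a packet rejected for reserved bits is no longer dumped, and the commit description does not mention the move. If the aim was only to stop dumping after a failed `ngx_quic_tls_open()`, placing the `#if` block directly after the `rc != NGX_OK` return would keep the dump for packets that decrypted but were then rejected. Since the dump writes decrypted payload bytes to the log, a one-line comment on the block, e.g. `/* debug builds only: logs decrypted packet payload */`, would make that explicit. The rest of the function lies outside the hunk.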