details:
https://github.com/nginx/nginx/commit/a52ba8ba0e349585e49073c168e423c12abcf597
branches: master
commit: a52ba8ba0e349585e49073c168e423c12abcf597
user: Roman Arutyunyan <a...@nginx.com>
date: Fri, 13 Dec 2024 13:25:26 +0400
description:
QUIC: ignore version negotiation packets.
Previously, such packets were treated as long header packets with unknown
version 0, and a version negotiation packet was sent in response. This
could be used to set up an infinite traffic reflect loop with another nginx
instance.
Now version negotiation packets are ignored. As per RFC 9000, Section 6.1:
An endpoint MUST NOT send a Version Negotiation packet in response to
receiving a Version Negotiation packet.
---
src/event/quic/ngx_event_quic_transport.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/event/quic/ngx_event_quic_transport.c
b/src/event/quic/ngx_event_quic_transport.c
index fba098caa..bb13447b5 100644
--- a/src/event/quic/ngx_event_quic_transport.c
+++ b/src/event/quic/ngx_event_quic_transport.c
@@ -295,6 +295,11 @@ ngx_quic_parse_packet(ngx_quic_header_t *pkt)
return NGX_ERROR;
}
+ if (pkt->version == 0) {
+ /* version negotiation */
+ return NGX_ERROR;
+ }
+
if (!ngx_quic_supported_version(pkt->version)) {
return NGX_ABORT;
}
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
