mirror
/
nginx
mirror of https://github.com/nginx/nginx
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

QUIC: fixed possible segfault on handshake failures. 

When using OpenSSL 3.5, the crypto_release_rcd QUIC callback can be
called late, after the QUIC connection was already closed on handshake
failure, resulting in a segmentation fault.  For instance, it happened
if a client Finished message didn't align with a record boundary.
This commit is contained in:
Jan Svojanovsky 2025-12-09 12:27:02 +01:00 committed by Sergey Kandaurov
parent 61690b5dc0
commit 506fe09ecc
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/event/quic/ngx_event_quic_ssl.c
View File

@ -185,7 +185,13 @@ ngx_quic_cbs_release_rcd(ngx_ssl_conn_t *ssl_conn, size_t bytes_read, void *arg)
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic ngx_quic_cbs_release_rcd len:%uz", bytes_read); "quic ngx_quic_cbs_release_rcd len:%uz", bytes_read);
/* already closed on handshake failure */
qc = ngx_quic_get_connection(c); qc = ngx_quic_get_connection(c);
if (qc == NULL) {
return 1;
}
ctx = ngx_quic_get_send_ctx(qc, qc->read_level); ctx = ngx_quic_get_send_ctx(qc, qc->read_level);
cl = ngx_quic_read_buffer(c, &ctx->crypto, bytes_read); cl = ngx_quic_read_buffer(c, &ctx->crypto, bytes_read);