CERBERUS/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2026-05-13 17:46:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

QUIC: worker-bound stateless reset tokens.

Browse source 
Previously, it was possible to obtain a stateless reset token for a
connection by routing its packet to a wrong worker.  This allowed to
terminate the connection.

The fix is to bind stateless reset token to the worker number.
This commit is contained in:
Roman Arutyunyan 2026-02-26 18:36:52 +04:00 committed by Roman Arutyunyan
parent 7ac4e6b106
commit 0fa49c5f7f
1 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/event/quic/ngx_event_quic_tokens.c
View file

@ -15,9 +15,13 @@ ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid, u_char *secret,
u_char *token)
{
ngx_str_t tmp;
u_char buf[NGX_QUIC_SR_KEY_LEN + sizeof(ngx_uint_t)];
tmp.data = secret;
tmp.len = NGX_QUIC_SR_KEY_LEN;
ngx_memcpy(buf, secret, NGX_QUIC_SR_KEY_LEN);
ngx_memcpy(buf + NGX_QUIC_SR_KEY_LEN, &ngx_worker, sizeof(ngx_uint_t));
tmp.data = buf;
tmp.len = sizeof(buf);
if (ngx_quic_derive_key(c->log, "sr_token_key", &tmp, cid, token,
NGX_QUIC_SR_TOKEN_LEN)