TSG-8261,TSG-8291: 部分QUIC RFC9000未解析出SNI/User-Agent字段v1.4.8

author: liuxueli <[email protected]> 2021-11-05 20:57:48 +0300
committer: liuxueli <[email protected]> 2021-11-05 20:57:48 +0300
commit: da000d2b4b1e6c6caf3106f40420efce00671210 (patch)
tree: 9a7ea70b202ce2dbb7bc497de37088961e6fb12b /src/gquic_process.cpp
parent: eecd661b91fbca2240dd7fdb0792459e036af75a (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/gquic_process.cpp b/src/gquic_process.cpp
index b458f2b..79b8efe 100644
--- a/src/gquic_process.cpp
+++ b/src/gquic_process.cpp
@@ -1318,7 +1318,7 @@ static int get_decrypt_payload(unsigned char * payload, int payload_len, unsigne
 			length=get_value(payload, used_len, 1);	// length=8bit
 		}
 
-		if((*join_payload_len)<join_length+length)
+		if((*join_payload_len)<join_length+length || offset<0 || offset>payload_len)
 		{
 			break;
 		}
@@ -1448,7 +1448,7 @@ int quic_process(struct streaminfo *pstream, struct _quic_context* _context, int
 				{
 					_context->is_decrypt=1;
 					ret=dissect_quic((char *)udp_detail->pdata, udp_detail->datalen, decrypt_payload, &decrypt_payload_len);
-					if(ret!=1)
+					if(ret!=1 || decrypt_payload_len>2048 || decrypt_payload_len<0)
 					{
 						return APP_STATE_GIVEME;
 					}
author	liuxueli <[email protected]>	2021-11-05 20:57:48 +0300
committer	liuxueli <[email protected]>	2021-11-05 20:57:48 +0300
commit	da000d2b4b1e6c6caf3106f40420efce00671210 (patch)
tree	9a7ea70b202ce2dbb7bc497de37088961e6fb12b /src/gquic_process.cpp
parent	eecd661b91fbca2240dd7fdb0792459e036af75a (diff)