authorliuxueli <[email protected]>2021-09-23 15:54:06 +0800
committerliuxueli <[email protected]>2021-09-23 15:54:06 +0800
commite436823d370054508915808d5f26f9665b58ccc0 (patch)
treee6da9f09e8d9b9cbcd991cd1c7b9c8acf26563af
parent56db00e24f23bf5ae0285883433978c366f2537c (diff)
TSG-7850: 修复释放quic stream导致段错误的问题
-rw-r--r--demo/demo.cpp26
-rw-r--r--src/gquic_process.cpp22
2 files changed, 40 insertions, 8 deletions
diff --git a/demo/demo.cpp b/demo/demo.cpp
index dfafb19..f69e594 100644
--- a/demo/demo.cpp
+++ b/demo/demo.cpp
@@ -127,13 +127,27 @@ int parse_encrypt_server_name(struct _quic_stream *quic_stream, unsigned char *p
{
int ext_len=0,used_len=0;
- quic_stream->sni_idx=quic_stream->ext_tag_num++;
- get_value(payload, &used_len, 2); //Server Name List length
+ ext_len=get_value(payload, &used_len, 2); //Server Name List length
+ if(ext_len>0 && ext_len>payload_len)
+ {
+ return 0;
+ }
+
if(get_value(payload, &used_len, 1)==0) //Server Name type
{
ext_len=get_value(payload, &used_len, 2); //Server Name length
+ if(ext_len<0 || ext_len>payload_len)
+ {
+ return 0;
+ }
+
+ quic_stream->sni_idx=quic_stream->ext_tag_num++;
get_quic_tlv((char *)payload+used_len, &(quic_stream->ext_tags[quic_stream->sni_idx]), ext_len, EXTENSION_SERVER_NAME, thread_seq);
}
+ else
+ {
+ return 0;
+ }
return 1;
}
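Review bot: Both new checks compare `ext_len` with `payload_len` without subtracting the bytes already consumed, so the Server Name length check before `get_quic_tlv` still accepts a name that extends past the extension, because the copy starts at `payload+used_len`. Assuming `get_value` advances `used_len` by the count it is given, the bound should be the remaining length, e.g. `if(ext_len<=0 || ext_len>payload_len-used_len)`. A `payload_len<5` guard also belongs before the first `get_value`, since the three header reads happen before any length is checked. The first check here, `ext_len>0 && ext_len>payload_len`, lets a zero or negative list length through, whereas the src/gquic_process.cpp copy uses `ext_len<=0 ||`. The missing `used_len` adjustment applies to the src/gquic_process.cpp hunk as well.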
@@ -141,7 +155,7 @@ int parse_encrypt_server_name(struct _quic_stream *quic_stream, unsigned char *p
int parse_encrypt_client_hello(void *pstream, struct _quic_stream *quic_stream, void *a_packet, unsigned char *payload, int payload_len)
{
int used_len=0;
- int flags=0;
+ int flags=0,ret=0;
int skip_len=0,client_hello_len=0;
int ext_type=0, extension_total_len=0;
@@ -193,7 +207,11 @@ int parse_encrypt_client_hello(void *pstream, struct _quic_stream *quic_stream,
switch(ext_type)
{
case EXTENSION_SERVER_NAME:
- parse_encrypt_server_name(quic_stream, payload+used_len, skip_len, 0);
+ ret=parse_encrypt_server_name(quic_stream, payload+used_len, skip_len, 0);
+ if(ret==0)
+ {
+ break;
+ }
flags=1;
break;
case EXTENSION_QUIC_PARAM:
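Review bot: The length checks added inside `parse_encrypt_server_name` are only as strong as the `skip_len` passed here as its `payload_len`, and nothing in this hunk shows `skip_len` being compared with the bytes left in the ClientHello. If that is not already done before the `switch` (which starts outside the hunk), the extension should be rejected ahead of the call with a condition such as `if(skip_len<0 || skip_len>payload_len-used_len)`. The call site in src/gquic_process.cpp is in the same position. The two copies also test the result differently (`ret==0` here, `ret<=0` in src), although the demo callee visibly returns only 0 or 1.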
diff --git a/src/gquic_process.cpp b/src/gquic_process.cpp
index f878fb7..d7138d6 100644
--- a/src/gquic_process.cpp
+++ b/src/gquic_process.cpp
@@ -1140,11 +1140,21 @@ int parse_encrypt_server_name(struct _quic_stream *quic_stream, unsigned char *p
{
int ext_len=0,used_len=0;
- quic_stream->sni_idx=quic_stream->ext_tag_num++;
- get_value(payload, &used_len, 2); //Server Name List length
+ ext_len=get_value(payload, &used_len, 2); //Server Name List length
+ if(ext_len<=0 || ext_len>payload_len)
+ {
+ return 0;
+ }
+
if(get_value(payload, &used_len, 1)==0) //Server Name type
{
ext_len=get_value(payload, &used_len, 2); //Server Name length
+ if(ext_len<=0 || ext_len>payload_len)
+ {
+ return 0;
+ }
+
+ quic_stream->sni_idx=quic_stream->ext_tag_num++;
get_quic_tlv((char *)payload+used_len, &(quic_stream->ext_tags[quic_stream->sni_idx]), ext_len, EXTENSION_SERVER_NAME, thread_seq);
}
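Review bot: Unlike the demo/demo.cpp copy, this version adds no `else { return 0; }` for a Server Name type other than 0. If the rest of the function (outside this hunk) still ends in `return 1;`, the caller will set `flags=1` even though `sni_idx` was not assigned for this extension. Separately, `quic_stream->sni_idx=quic_stream->ext_tag_num++` indexes `ext_tags` with no capacity check visible here, and a malformed ClientHello could repeat the extension. A guard such as `if(quic_stream->ext_tag_num>=EXT_TAGS_CAPACITY) return 0;` before the increment would be worth adding in both copies, where `EXT_TAGS_CAPACITY` is a placeholder for the real array size.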
@@ -1155,7 +1165,7 @@ int parse_encrypt_client_hello(struct streaminfo *pstream, struct _quic_stream *
{
int skip_len=0;
int used_len=0;
- int flags=0;
+ int flags=0,ret=0;
int ext_type=0, extension_total_len=0;
get_value(payload, &used_len, 1); //handshake type
@@ -1209,7 +1219,11 @@ int parse_encrypt_client_hello(struct streaminfo *pstream, struct _quic_stream *
switch(ext_type)
{
case EXTENSION_SERVER_NAME:
- parse_encrypt_server_name(quic_stream, payload+used_len, skip_len, pstream->threadnum);
+ ret=parse_encrypt_server_name(quic_stream, payload+used_len, skip_len, pstream->threadnum);
+ if(ret<=0)
+ {
+ break;
+ }
flags=1;
break;
case EXTENSION_QUIC_PARAM: