diff options
| author | liuxueli <[email protected]> | 2022-06-16 15:39:13 +0800 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2022-06-16 15:39:13 +0800 |
| commit | ffb443ed7e09dcb7c4f9e115223aa24ce94c452b (patch) | |
| tree | b36caf00808888eda2f4141922e94b33670c3527 /src | |
| parent | 98c567cf8892112144c6b72384f889f10473d238 (diff) | |
OMPUB-527: 从解密后的client hello负载中解析user agent参数时,未对参数长度负值进行判断导致parse_quic_transport_parameter函数死循环触发sapp的watchdog timeoutv2.0.4
Diffstat (limited to 'src')
| -rw-r--r-- | src/quic_process.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/quic_process.cpp b/src/quic_process.cpp index fa8c242..833c931 100644 --- a/src/quic_process.cpp +++ b/src/quic_process.cpp @@ -376,7 +376,11 @@ int parse_quic_transport_parameter(struct quic_client_hello *client_hello, const para_offset+=copy_extension_tag(quic_para+para_offset, one_para_length, &client_hello->user_agent, thread_seq); return 1; default: - one_para_length=quic_para[para_offset++]; // length=1 + one_para_length=(int)(quic_para[para_offset++]); // length=1 + if(one_para_length<0 || one_para_length>quic_para_len) + { + break; + } para_offset+=one_para_length; break; } |