QUIC: removed check for packet size beyond MAX_UDP_PAYLOAD_SIZE.

The check tested the total size of a packet header and unprotected packet
payload, which doesn't include the packet number length and expansion of
the packet protection AEAD.  If the packet was corrupted, it could cause
false triggering of the condition due to unsigned type underflow leading
to a connection error.

Existing checks for the QUIC header and protected packet payload lengths
should be enough.
Sergey Kandaurov 2020-09-08 13:35:50 +03:00
parent 23360e59fc
commit 1876298d26

@ -1089,11 +1089,6 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
#endif
pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN;
if (NGX_QUIC_MAX_UDP_PAYLOAD_SIZE - ad.len < pkt->payload.len) {
return NGX_ERROR;
}
pkt->payload.data = pkt->plaintext + ad.len;
rc = ngx_quic_tls_open(ciphers.c, secret, &pkt->payload,
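Review bot: The subtraction `pkt->payload.len = in.len - EVP_GCM_TLS_TAG_LEN`, kept just above the removed `if`, has no guard visible in this hunk. If `in.len` is smaller than the tag length, the result wraps to a very large value, and with the bound gone nothing shown here stops that length from reaching `ngx_quic_tls_open()` with `pkt->payload.data = pkt->plaintext + ad.len` as the output location. The commit message relies on existing header and protected-payload length checks; please either name those checks in a comment at this point or add an explicit `in.len < EVP_GCM_TLS_TAG_LEN` rejection before the subtraction, so the invariant that `ad.len + pkt->payload.len` fits the plaintext buffer is visible where the buffer is used.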