From d54717995eeda20918895ce375d69dc2d51f59c6 Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arut@nginx.com>
Date: Fri, 25 Sep 2020 21:46:55 +0300
Subject: [PATCH] QUIC: keep the entire packet size in pkt->len.

Previously pkt->len kept the length of the packet remainder starting from
pkt->raw->pos.
---
 src/event/ngx_event_quic.c            | 2 +-
 src/event/ngx_event_quic_protection.c | 6 ++++--
 src/event/ngx_event_quic_transport.c  | 5 ++---
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index f8e449517..f79ec408f 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -1676,7 +1676,7 @@ ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b)
          */
 
         /* b->pos is at header end, adjust by actual packet length */
-        b->pos += pkt.len;
+        b->pos = pkt.data + pkt.len;
         p = ngx_quic_skip_zero_padding(b);
     }
 
diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c
index 0d205a160..2f686cd7e 100644
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -997,6 +997,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
     uint64_t *largest_pn)
 {
     u_char               clearflags, *p, *sample;
+    size_t               len;
     uint8_t              badflags;
     uint64_t             pn, lpn;
     ngx_int_t            pnl, rc, key_phase;
@@ -1012,6 +1013,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
     secret = pkt->secret;
 
     p = pkt->raw->pos;
+    len = pkt->data + pkt->len - p;
 
     /* draft-ietf-quic-tls-23#section-5.4.2:
      * the Packet Number field is assumed to be 4 bytes long
@@ -1019,7 +1021,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
      * AES-Based and ChaCha20-Based header protections sample 16 bytes
      */
 
-    if (pkt->len < EVP_GCM_TLS_TAG_LEN + 4) {
+    if (len < EVP_GCM_TLS_TAG_LEN + 4) {
         return NGX_DECLINED;
     }
 
@@ -1062,7 +1064,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
     /* packet protection */
 
     in.data = p;
-    in.len = pkt->len - pnl;
+    in.len = len - pnl;
 
     if (ngx_quic_long_pkt(pkt->flags)) {
         badflags = clearflags & NGX_QUIC_PKT_LONG_RESERVED_BIT;
diff --git a/src/event/ngx_event_quic_transport.c b/src/event/ngx_event_quic_transport.c
index 1d270a2f2..be0aed78d 100644
--- a/src/event/ngx_event_quic_transport.c
+++ b/src/event/ngx_event_quic_transport.c
@@ -511,7 +511,6 @@ ngx_quic_parse_short_header(ngx_quic_header_t *pkt, ngx_str_t *dcid)
     }
 
     pkt->raw->pos = p;
-    pkt->len = end - p;
 
     return NGX_OK;
 }
@@ -561,7 +560,7 @@ ngx_quic_parse_initial_header(ngx_quic_header_t *pkt)
     }
 
     pkt->raw->pos = p;
-    pkt->len = varint;
+    pkt->len = p + varint - pkt->data;
 
 #ifdef NGX_QUIC_DEBUG_PACKETS
     ngx_quic_hexdump(pkt->log, "quic DCID", pkt->dcid.data, pkt->dcid.len);
@@ -600,7 +599,7 @@ ngx_quic_parse_handshake_header(ngx_quic_header_t *pkt)
     }
 
     pkt->raw->pos = p;
-    pkt->len = plen;
+    pkt->len = p + plen - pkt->data;
 
     return NGX_OK;
 }