drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-30 05:50:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

nfqws: prevent out-of-band access in IsQUICCryptoHello

Browse Source
This commit is contained in:
bol-van 2022-03-25 20:08:05 +03:00
parent 4dc6639b5a
commit 64406960aa
10 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
binaries/aarch64/nfqws
View File

Binary file not shown.

BIN
binaries/arm/nfqws
View File

Binary file not shown.

BIN
binaries/freebsd-x64/dvtws
View File

Binary file not shown.

BIN
binaries/mips32r1-lsb/nfqws
View File

Binary file not shown.

BIN
binaries/mips32r1-msb/nfqws
View File

Binary file not shown.

BIN
binaries/mips64r2-msb/nfqws
View File

Binary file not shown.

BIN
binaries/ppc/nfqws
View File

Binary file not shown.

BIN
binaries/x86/nfqws
View File

Binary file not shown.

BIN
binaries/x86_64/nfqws
View File

Binary file not shown.

6
nfq/protocol.c
View File

@ -86,10 +86,12 @@ bool IsQUICCryptoHello(const uint8_t *data, size_t len, size_t *hello_offset, si
size_t offset = 1;
uint64_t coff, clen;
if (len < 3 || *data != 6) return false;
if ((offset+tvb_get_size(data[offset])) >= len) return false;
offset += tvb_get_varint(data + offset, &coff);
if (offset >= len) return false;
// offset must be 0 if it's a full segment, not just a chunk
if (coff || (offset+tvb_get_size(data[offset])) >= len) return false;
offset += tvb_get_varint(data + offset, &clen);
if (offset >= len || data[offset] != 0x01 || (offset + coff + clen) > len) return false;
if (data[offset] != 0x01 || (offset + coff + clen) > len) return false;
if (hello_offset) *hello_offset = offset + coff;
if (hello_len) *hello_len = (size_t)clen;
return true;