You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ma...@apache.org on 2018/07/15 02:14:13 UTC

[trafficserver] branch quic-latest updated (9e23ea5 -> 97737e6)

This is an automated email from the ASF dual-hosted git repository.

maskit pushed a change to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


    from 9e23ea5  Fix build issues
     new 4503964  Check the buffer size before reading a packet number
     new 97737e6  Add debug prints

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 iocore/net/quic/QUICPacket.cc      | 10 +++++++---
 iocore/net/quic/QUICTLS_openssl.cc |  2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

[trafficserver] 02/02: Add debug prints

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 97737e6b183ad1f97abdb3e7adb2766c31dbad1d
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Sun Jul 15 11:13:42 2018 +0900

    Add debug prints
---
 iocore/net/quic/QUICPacket.cc      | 6 +++---
 iocore/net/quic/QUICTLS_openssl.cc | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/iocore/net/quic/QUICPacket.cc b/iocore/net/quic/QUICPacket.cc
index fd9a1db..cffe2c9 100644
--- a/iocore/net/quic/QUICPacket.cc
+++ b/iocore/net/quic/QUICPacket.cc
@@ -851,17 +851,17 @@ QUICPacket::unprotect_packet_number(uint8_t *packet, size_t packet_len, const QU
       break;
     }
     if (!QUICPacketLongHeader::packet_number_offset(pn_offset, packet, packet_len)) {
-      Debug("quic", "Failed to calculate packet number offset");
+      Debug(tag.data(), "Failed to calculate packet number offset");
       return false;
     }
 
-    Debug("quic", "Unprotecting a packet number of %s packet using %s", QUICDebugNames::packet_type(type),
+    Debug(tag.data(), "Unprotecting a packet number of %s packet using %s", QUICDebugNames::packet_type(type),
           QUICDebugNames::key_phase(phase));
 
   } else {
     QUICPacketShortHeader::key_phase(phase, packet, packet_len);
     if (!QUICPacketShortHeader::packet_number_offset(pn_offset, packet, packet_len, QUICConfigParams::scid_len())) {
-      Debug("quic", "Failed to calculate packet number offset");
+      Debug(tag.data(), "Failed to calculate packet number offset");
       return false;
     }
   }
diff --git a/iocore/net/quic/QUICTLS_openssl.cc b/iocore/net/quic/QUICTLS_openssl.cc
index a1030b0..f616a9f 100644
--- a/iocore/net/quic/QUICTLS_openssl.cc
+++ b/iocore/net/quic/QUICTLS_openssl.cc
@@ -216,7 +216,7 @@ QUICTLS::_decrypt(uint8_t *plain, size_t &plain_len, size_t max_plain_len, const
     plain_len += len;
     return true;
   } else {
-    Debug(tag, "Failed to decrypt");
+    Debug(tag, "Failed to decrypt -- the first 4 bytes decrypted are %0x %0x %0x %0x", plain[0], plain[1], plain[2], plain[3]);
     return false;
   }
 }

[trafficserver] 01/02: Check the buffer size before reading a packet number

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 4503964ea557ffb9e9a9b7d24a070d1abcb76ff8
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Sun Jul 15 11:12:25 2018 +0900

    Check the buffer size before reading a packet number
---
 iocore/net/quic/QUICPacket.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/iocore/net/quic/QUICPacket.cc b/iocore/net/quic/QUICPacket.cc
index e143181..fd9a1db 100644
--- a/iocore/net/quic/QUICPacket.cc
+++ b/iocore/net/quic/QUICPacket.cc
@@ -873,6 +873,10 @@ QUICPacket::unprotect_packet_number(uint8_t *packet, size_t packet_len, const QU
     return false;
   }
   unprotected_pn_len = QUICTypeUtil::read_QUICPacketNumberLen(unprotected_pn);
+  if (pn_offset + unprotected_pn_len > packet_len) {
+    Debug(tag.data(), "Malformed header: pn_offset=%zu, pn_len=%d", pn_offset, unprotected_pn_len);
+    return false;
+  }
   memcpy(packet + pn_offset, unprotected_pn, unprotected_pn_len);
   return true;
 }