From: Hugo Landau <hlandau@openssl.org>
Date: Thu, 26 Oct 2023 10:36:51 +0000 (+0100)
Subject: QUIC WIRE: Refuse integer transport params with trailing body bytes
X-Git-Tag: openssl-3.3.0-alpha1~683
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=05937a70a14520a70e830af63aba4283ac6f3878;p=thirdparty%2Fopenssl.git

QUIC WIRE: Refuse integer transport params with trailing body bytes

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22523)
---

diff --git a/ssl/quic/quic_wire.c b/ssl/quic/quic_wire.c
index 6f8da05124b..425e7efc2ed 100644
--- a/ssl/quic/quic_wire.c
+++ b/ssl/quic/quic_wire.c
@@ -950,6 +950,9 @@ int ossl_quic_wire_decode_transport_param_int(PACKET *pkt,
     if (!PACKET_get_quic_vlint(&sub, value))
         return 0;
 
+    if (PACKET_remaining(&sub) > 0)
+        return 0;
+
    return 1;
 }