gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

don't queue a packet for later decryption of decryption already failed

Browse Source 
This was an optimization in gQUIC, which relied on trial decryption. In
IETF QUIC, we know with certainty which keys were used to encrypt a
packet, so if decryption fails once, we are certain it will never
succeed.
This commit is contained in:
Marten Seemann
2018-12-19 15:56:01 +06:30
parent 1045c7dc94
commit 605846cfd8
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packet_unpacker.go
View File

@@ -99,7 +99,7 @@ func (u *packetUnpacker) Unpack(hdr *wire.Header, data []byte) (*unpackedPacket,
decrypted, err := opener.Open(buf, data, pn, extHdr.Raw)
if err != nil {
return nil, qerr.Error(qerr.DecryptionFailure, err.Error())
return nil, err
}
// Only do this after decrypting, so we are sure the packet is not attacker-controlled