ngtcp2: fix returns when TLS verify failed

In both send/recv functions of the ngtcp2 filter, when TLS verification
has failed, jump out by skipping ingress/egress handling.

Reported-by: Joshua Rogers
Closes #18881
Stefan Eissing 2025-10-06 13:16:55 +02:00 committed by Daniel Stenberg
parent 752090b963
commit f4e83a0adc
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -1329,7 +1329,7 @@ static CURLcode cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
/* handshake verification failed in callback, do not recv anything */
if(ctx->tls_vrfy_result) {
result = ctx->tls_vrfy_result;
goto out;
goto denied;
}
pktx_init(&pktx, cf, data);
@ -1361,7 +1361,7 @@ static CURLcode cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
out:
result = Curl_1st_err(result, cf_progress_egress(cf, data, &pktx));
result = Curl_1st_err(result, check_and_set_expiry(cf, data, &pktx));
denied:
CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_recv(blen=%zu) -> %d, %zu",
stream ? stream->id : -1, blen, result, *pnread);
CF_DATA_RESTORE(cf, save);
@ -1616,8 +1616,10 @@ static CURLcode cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
*pnwritten = 0;
/* handshake verification failed in callback, do not send anything */
if(ctx->tls_vrfy_result)
return ctx->tls_vrfy_result;
if(ctx->tls_vrfy_result) {
result = ctx->tls_vrfy_result;
goto denied;
}
(void)eos; /* use for stream EOF and block handling */
result = cf_progress_ingress(cf, data, &pktx);
@ -1684,7 +1686,7 @@ static CURLcode cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
out:
result = Curl_1st_err(result, check_and_set_expiry(cf, data, &pktx));
denied:
CURL_TRC_CF(data, cf, "[%" FMT_PRId64 "] cf_send(len=%zu) -> %d, %zu",
stream ? stream->id : -1, len, result, *pnwritten);
CF_DATA_RESTORE(cf, save);
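Review bot: The new `denied:` labels in cf_ngtcp2_recv and cf_ngtcp2_send have no comment explaining why they sit below the egress/expiry calls, so a later cleanup could fold them back into `out:` and reopen the path this commit closes. In recv the verify check runs before `pktx_init(&pktx, cf, data)`, so `out:` must never be reached from it; I would say so at the label, e.g. `/* TLS verify failed: pktx may be uninitialized, skip egress/expiry, only trace and restore call data */`. Both labels still fall into the trace call, which reads `stream` and `*pnread` / `*pnwritten`. `*pnwritten = 0` is visible above the send check, but the initialisation of `stream` and of `*pnread` lies outside these hunks and should be confirmed to precede the check. Both function bodies start and end outside the hunks shown.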