QUIC WIRE: Refuse integer transport params with trailing body bytes

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22523) (cherry picked from commit 05937a70a14520a70e830af63aba4283ac6f3878)
author: Hugo Landau <hlandau@openssl.org> 2023-10-26 11:36:51 +0100
committer: Tomas Mraz <tomas@openssl.org> 2023-11-02 14:23:21 +0100
commit: cecc05c2935ef2c93753f126b71103bc6c0c2c7a (patch)
tree: b4d118ccde3bd1360eac59d4227befabb65e239b /ssl
parent: 3c7c4866464cfb872b91ba204e3c64d4da9e2fdf (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/quic/quic_wire.c b/ssl/quic/quic_wire.c
index 6f8da05124..425e7efc2e 100644
--- a/ssl/quic/quic_wire.c
+++ b/ssl/quic/quic_wire.c
@@ -950,6 +950,9 @@ int ossl_quic_wire_decode_transport_param_int(PACKET *pkt,
     if (!PACKET_get_quic_vlint(&sub, value))
         return 0;
 
+    if (PACKET_remaining(&sub) > 0)
+        return 0;
+
    return 1;
 }
author	Hugo Landau <hlandau@openssl.org>	2023-10-26 11:36:51 +0100
committer	Tomas Mraz <tomas@openssl.org>	2023-11-02 14:23:21 +0100
commit	cecc05c2935ef2c93753f126b71103bc6c0c2c7a (patch)
tree	b4d118ccde3bd1360eac59d4227befabb65e239b /ssl
parent	3c7c4866464cfb872b91ba204e3c64d4da9e2fdf (diff)