QUIC WIRE: Refuse integer transport params with trailing body bytes

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22523)
author: Hugo Landau <hlandau@openssl.org> 2023-10-26 11:36:51 +0100
committer: Tomas Mraz <tomas@openssl.org> 2023-11-02 14:22:04 +0100
commit: 05937a70a14520a70e830af63aba4283ac6f3878 (patch)
tree: 3b30245e7815db26860914ad7daaa79af087dd21 /ssl
parent: f94cacb70b677462ecca79314a3d9714f8c0faba (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/quic/quic_wire.c b/ssl/quic/quic_wire.c
index 6f8da05124..425e7efc2e 100644
--- a/ssl/quic/quic_wire.c
+++ b/ssl/quic/quic_wire.c
@@ -950,6 +950,9 @@ int ossl_quic_wire_decode_transport_param_int(PACKET *pkt,
     if (!PACKET_get_quic_vlint(&sub, value))
         return 0;
 
+    if (PACKET_remaining(&sub) > 0)
+        return 0;
+
    return 1;
 }
author	Hugo Landau <hlandau@openssl.org>	2023-10-26 11:36:51 +0100
committer	Tomas Mraz <tomas@openssl.org>	2023-11-02 14:22:04 +0100
commit	05937a70a14520a70e830af63aba4283ac6f3878 (patch)
tree	3b30245e7815db26860914ad7daaa79af087dd21 /ssl
parent	f94cacb70b677462ecca79314a3d9714f8c0faba (diff)