nginx.git/src/event/quic, branch release-1.28.3 nginx QUIC: improved error handling in OpenSSL compat layer. 2026-03-24T18:33:23+00:00 user.email 123011167+lukefr09@users.noreply.github.com 2026-02-24T01:33:57+00:00 3986410e12e2b1abc81965dd96598d4c2dd02b00 Previously ngx_quic_compat_create_record() could try to encrypt a TLS record even if encryption context was missing, which resulted in a NULL pointer dereference. The context is created by ngx_quic_compat_set_encryption_secret() called from the OpenSSL keylog callback. If an error occurred in that function, the context could remain missing. This could happen under memory pressure, if an allocation failed inside this function. The fix is to handle errors from ngx_quic_compat_set_encryption_secret() and set qc->error to trigger an error after SSL_do_handshake() return. Also, a check for context is added to ngx_quic_compat_create_record() to avoid other similar issues. 
Previously ngx_quic_compat_create_record() could try to encrypt a TLS
record even if encryption context was missing, which resulted in a NULL
pointer dereference.

The context is created by ngx_quic_compat_set_encryption_secret() called
from the OpenSSL keylog callback.  If an error occurred in that function,
the context could remain missing.  This could happen under memory pressure,
if an allocation failed inside this function.

The fix is to handle errors from ngx_quic_compat_set_encryption_secret()
and set qc->error to trigger an error after SSL_do_handshake() return.
Also, a check for context is added to ngx_quic_compat_create_record()
to avoid other similar issues.
QUIC: worker-bound stateless reset tokens. 2026-03-24T18:33:23+00:00 Roman Arutyunyan arut@nginx.com 2026-02-26T14:36:52+00:00 0fa49c5f7fa03c628c887fe69acbd7da0ec4e585 Previously, it was possible to obtain a stateless reset token for a connection by routing its packet to a wrong worker. This allowed to terminate the connection. The fix is to bind stateless reset token to the worker number. 
Previously, it was possible to obtain a stateless reset token for a
connection by routing its packet to a wrong worker.  This allowed to
terminate the connection.

The fix is to bind stateless reset token to the worker number.
QUIC: Stateless Reset rate limiting. 2026-03-24T18:33:23+00:00 Sergey Kandaurov pluknet@nginx.com 2026-02-25T17:09:21+00:00 7ac4e6b106ea926b57ccef1ec0fe2559dda7dc5c It uses a bloom filter to limit sending Stateless Reset packets no more than once per second in average for the given address. This allows to address resource asymmetry from precomputed packets, as well as to limit potential Stateless Reset exchange. 
It uses a bloom filter to limit sending Stateless Reset packets no more
than once per second in average for the given address.  This allows to
address resource asymmetry from precomputed packets, as well as to limit
potential Stateless Reset exchange.
QUIC: refactored ngx_quic_address_hash(). 2026-03-24T18:33:23+00:00 Sergey Kandaurov pluknet@nginx.com 2026-02-25T17:07:01+00:00 e0c5fd912f1cb37fe7a69a61c9fd95d1ebc33c61 Now it accepts an optional salt, to be used in a subsequent change. 
Now it accepts an optional salt, to be used in a subsequent change.
QUIC: moved ngx_quic_address_hash(). 2026-03-24T18:33:23+00:00 Sergey Kandaurov pluknet@nginx.com 2026-02-20T15:01:20+00:00 caec29ecdbe9484606b3f7274e822ce5a788bc04 






QUIC: limited size of generated Stateless Reset packets.
2026-03-24T18:33:23+00:00

Sergey Kandaurov
pluknet@nginx.com

2026-02-20T14:52:56+00:00

5d1ad15bde9fb13b15626fc732488329499bdd4f

Made sure to send packets smaller than the triggering packet,
following RFC 9000, Section 10.3.3.

Reported-by: cyberspace61





Made sure to send packets smaller than the triggering packet,
following RFC 9000, Section 10.3.3.

Reported-by: cyberspace61







QUIC: adjusted minimum packet size to send Stateless Reset.
2026-03-24T18:33:23+00:00

Sergey Kandaurov
pluknet@nginx.com

2026-02-20T14:59:06+00:00

eadf0aa8bc21bab720f8a9d5b56c211b164c791f

Now to be valid, it also assumes the Connection ID we require from a client.





Now to be valid, it also assumes the Connection ID we require from a client.







Use NULL instead of 0 for null pointer constant.
2025-12-23T18:40:33+00:00

Andrew Clayton
a.clayton@nginx.com

2025-05-21T21:30:20+00:00

a39be5d9d296b72091f3181eea58303ac8d0828f

There were a few random places where 0 was being used as a null pointer
constant.

We have a NULL macro for this very purpose, use it.

There is also some interest in actually deprecating the use of 0 as a
null pointer constant in C.

This was found with -Wzero-as-null-pointer-constant which was enabled
for C in GCC 15 (not enabled with Wall or Wextra... yet).

Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117059>





There were a few random places where 0 was being used as a null pointer
constant.

We have a NULL macro for this very purpose, use it.

There is also some interest in actually deprecating the use of 0 as a
null pointer constant in C.

This was found with -Wzero-as-null-pointer-constant which was enabled
for C in GCC 15 (not enabled with Wall or Wextra... yet).

Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117059>







QUIC: do not block ACKs by congestion control.
2025-12-23T18:40:33+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-04-25T19:32:24+00:00

af8b6ac13e84371f598064b23f401e8764dde881

Previously, it was not possible to send acknowledgments if the
congestion window was limited or temporarily exceeded, such as
after sending a large response or MTU probe.  If ACKs were not
received from the peer for some reason to update the in-flight
bytes counter below the congestion window, this might result in
a stalled connection.

The fix is to send ACKs regardless of congestion control.  This
meets RFC 9002, Section 7:
: Similar to TCP, packets containing only ACK frames do not count
: toward bytes in flight and are not congestion controlled.

This is a simplified implementation to send ACK frames from the
head of the queue.  This was made possible after 6f5f17358.

Reported in trac ticket #2621 and subsequently by Vladimir Homutov:
https://mailman.nginx.org/pipermail/nginx-devel/2025-April/ZKBAWRJVQXSZ2ISG3YJAF3EWMDRDHCMO.html





Previously, it was not possible to send acknowledgments if the
congestion window was limited or temporarily exceeded, such as
after sending a large response or MTU probe.  If ACKs were not
received from the peer for some reason to update the in-flight
bytes counter below the congestion window, this might result in
a stalled connection.

The fix is to send ACKs regardless of congestion control.  This
meets RFC 9002, Section 7:
: Similar to TCP, packets containing only ACK frames do not count
: toward bytes in flight and are not congestion controlled.

This is a simplified implementation to send ACK frames from the
head of the queue.  This was made possible after 6f5f17358.

Reported in trac ticket #2621 and subsequently by Vladimir Homutov:
https://mailman.nginx.org/pipermail/nginx-devel/2025-April/ZKBAWRJVQXSZ2ISG3YJAF3EWMDRDHCMO.html







Fixed -Wunterminated-string-initialization with gcc15.
2025-04-23T11:48:54+00:00

Roman Arutyunyan
arut@nginx.com

2025-04-16T12:56:44+00:00

3a97c9616cfd7c4dd3a177cb2cb583301e80404c