QUIC: limited size of generated Stateless Reset packets.

Made sure to send packets smaller than the triggering packet, following RFC 9000, Section 10.3.3. Reported-by: cyberspace61
author: Sergey Kandaurov <pluknet@nginx.com> 2026-02-20 18:52:56 +0400
committer: Sergey Kandaurov <s.kandaurov@f5.com> 2026-02-26 18:05:07 +0400
commit: 4037746c8058cc8b02295e1a4f6f1c1db38b772e (patch)
tree: 87d0e43f4aa9b81e0ae7063f96244cc521531bbd
parent: 2c7252dcad9f10e9a5ad39f7bfdf1ef86a307528 (diff)
download: nginx-4037746c8058cc8b02295e1a4f6f1c1db38b772e.tar.gz
nginx-4037746c8058cc8b02295e1a4f6f1c1db38b772e.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
index 25fe43de2..72119a8ea 100644
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -839,13 +839,13 @@ ngx_quic_send_stateless_reset(ngx_connection_t *c, ngx_quic_conf_t *conf,
         len = pkt->len - 1;
 
     } else {
-        max = ngx_min(NGX_QUIC_MAX_SR_PACKET, pkt->len * 3);
+        max = ngx_min(NGX_QUIC_MAX_SR_PACKET, pkt->len);
 
         if (RAND_bytes((u_char *) &rndbytes, sizeof(rndbytes)) != 1) {
             return NGX_ERROR;
         }
 
-        len = (rndbytes % (max - NGX_QUIC_MIN_SR_PACKET + 1))
+        len = (rndbytes % (max - NGX_QUIC_MIN_SR_PACKET))
               + NGX_QUIC_MIN_SR_PACKET;
     }
author	Sergey Kandaurov <pluknet@nginx.com>	2026-02-20 18:52:56 +0400
committer	Sergey Kandaurov <s.kandaurov@f5.com>	2026-02-26 18:05:07 +0400
commit	4037746c8058cc8b02295e1a4f6f1c1db38b772e (patch)
tree	87d0e43f4aa9b81e0ae7063f96244cc521531bbd
parent	2c7252dcad9f10e9a5ad39f7bfdf1ef86a307528 (diff)
download	nginx-4037746c8058cc8b02295e1a4f6f1c1db38b772e.tar.gz nginx-4037746c8058cc8b02295e1a4f6f1c1db38b772e.tar.bz2