From cc704a8c319130687285a49c53f263a1fe880943 Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Mon, 6 Apr 2020 14:54:10 +0300
Subject: Rejecting new connections with non-zero Initial packet.

---
 src/event/ngx_event_quic.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index ebb9b24af..b96af808d 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -531,6 +531,12 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_tp_t *tp,
         return NGX_ERROR;
     }
 
+    if (pkt->pn != 0) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "invalid initial packet number %L", pkt->pn);
+        return NGX_ERROR;
+    }
+
     if (ngx_quic_init_connection(c) != NGX_OK) {
         return NGX_ERROR;
     }
-- 
cgit