
CID 337219 allocation using untrusted size

JacobBarthelmeh 1 month ago
parent
commit
44f3e4a3b7
2 changed files with 16 additions and 1 deletions
  1. 7 1
      src/quic.c
  2. 9 0
      wolfssl/quic.h

+ 7 - 1
src/quic.c

@@ -83,6 +83,11 @@ static QuicRecord *quic_record_make(WOLFSSL *ssl,
         }
         else {
             qr->capacity = qr->len = qr_length(data, len);
+            if (qr->capacity > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
+                WOLFSSL_MSG("QUIC length read larger than expected");
+                quic_record_free(ssl, qr);
+                return NULL;
+            }
         }
         if (qr->capacity == 0) {
             qr->capacity = 2*1024;
@@ -131,7 +136,8 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data,
         qr->len = qr_length(qr->data, qr->end);
 
         /* sanity check on length read from wire before use */
-        if (qr->len > (len + qr->capacity)) {
+        if (qr->len > WOLFSSL_QUIC_MAX_RECORD_CAPACITY) {
+            WOLFSSL_MSG("Length read for quic is larger than expected");
             ret = BUFFER_E;
             goto cleanup;
         }
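Review bot: The replaced check on the `qr->len` line of the second hunk now bounds the wire length only by WOLFSSL_QUIC_MAX_RECORD_CAPACITY and no longer relates it to the buffer, so a value in the range (capacity, 1 MB] passes; whether the code that follows grows `qr->data` to `qr->len` before copying into it is outside the hunk, and if it does not, the relative bound should be kept next to the cap, e.g. `if (qr->len > WOLFSSL_QUIC_MAX_RECORD_CAPACITY || qr->len > qr->capacity) {`. The existing sanity-check comment could also say what the cap protects, `/* cap the length read from the wire: it sizes the buffer, so an attacker-controlled value must not drive the allocation */`. The two log strings added in the two hunks describe the same condition in different wording; one phrasing makes the rejection easier to find in logs. Both quic_record_make and quic_record_append continue outside their hunks.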

+ 9 - 0
wolfssl/quic.h

@@ -290,6 +290,15 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen,
                       const uint8_t* salt, size_t saltlen,
                       const uint8_t* info, size_t infolen);
 
+/* most common QUIC packet size as of 2022 was 1,200 bytes
+ * largest packet size listed in the RFC is 1,392 bytes
+ * this gives plenty of breathing room for capacity of records but keeps sizes
+ * read from the wire sane */
+#ifndef WOLFSSL_QUIC_MAX_RECORD_CAPACITY
+    /* 1024*1024 -- 1 MB */
+    #define WOLFSSL_QUIC_MAX_RECORD_CAPACITY 1048576
+#endif
+
 #endif /* WOLFSSL_QUIC */
 
 #ifdef __cplusplus
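Review bot: The comment added above `WOLFSSL_QUIC_MAX_RECORD_CAPACITY` describes QUIC packet sizes (1,200 and 1,392 bytes) while the constant is 1 MB and, judging by its use in src/quic.c, bounds a record's capacity rather than a packet, so a reader cannot see why the limit is three orders of magnitude above the figures given. If the intent is that a record may span many packets, say so: `/* Upper bound on a record length read from the wire before it is used to size an allocation. Single QUIC packets are far smaller (about 1,200 bytes is typical), but a record may span many packets, so allow 1 MB. */`. Since the macro is overridable through the #ifndef, it would also help to state that raising it widens the allocation an untrusted length can request.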