commit: 0131a5ba98b361e2fb646d36eb071b4f86fb581b
[log] [tgz]
author: QUICHE team <quiche-dev@google.com>
Wed Mar 20 15:23:27 2019 -0700
committer: Copybara-Service <copybara-worker@google.com>
Wed Mar 20 16:10:39 2019 -0700
tree: 8d900cd29587c021028ce62d25721539f0c4cbc1
parent: dc41bf1a71fa71ffd0b7882604a8b3e7b8df70ea [diff]

Check new connection ID length before reading it

This CL fixes a buffer overflow in the NEW_CONNECTION_ID read path, and adds sanity checks to prevent similar issues from reoccuring. The issue was found by clusterfuzz:
https://bugs.chromium.org/p/chromium/issues/detail?id=943951#c4

gfe-relnote: trivial security fix when parsing invalid frame, not flag protected
PiperOrigin-RevId: 239486794
Change-Id: I70b8e7b4adfd52afbbcb3308ba7dded0416c884e

4 files changed

tree: 8d900cd29587c021028ce62d25721539f0c4cbc1

README.md

QUICHE

QUICHE (QUIC, Http/2, Etc) is Google‘s implementation of QUIC and related protocols. It powers Chromium as well as Google’s QUIC servers and some other projects.

The code is currently in process of being moved from https://cs.chromium.org/chromium/src/net/third_party/ into this repository. Please excuse our appearance while we're under construction.