commit | 1de58193310572808e6aad2f4226a5341f12560a | [log] [tgz] |
---|---|---|
author | dschinazi <dschinazi@google.com> | Wed Nov 25 14:46:08 2020 -0800 |
committer | Copybara-Service <copybara-worker@google.com> | Wed Nov 25 14:46:52 2020 -0800 |
tree | 6ecb0ca77cfc6d644523fab511f38651ef16ff0a | |
parent | 9a630bf31b130e29e0f27d6036631e61a3c43135 [diff] |
Prevent buffer overflow in QuicSimpleServerSession::HandleRstOnValidNonexistentStream This fix is based on code from <liujiyong4@gmail.com>, thanks to them for reporting the issue and proposing a fix. The issue here was that this code was using DCHECKs to validate input from the network instead of failing gracefully. QuicSimpleServerSession is not used in production so this code does not require flag protection. PiperOrigin-RevId: 344319749 Change-Id: Ic0f14412ea5e2b398b48cb3d2333c2e1e01d6d35
QUICHE (QUIC, Http/2, Etc) is Google‘s implementation of QUIC and related protocols. It powers Chromium as well as Google’s QUIC servers and some other projects. QUICHE is only supported on little-endian platforms.
Code can be viewed in CodeSearch in Quiche and is imported into Chromium.