Google Git
Sign in
quiche / quiche.git / 0131a5ba98b361e2fb646d36eb071b4f86fb581b
commit0131a5ba98b361e2fb646d36eb071b4f86fb581b[log] [tgz]
authorQUICHE team <quiche-dev@google.com>Wed Mar 20 15:23:27 2019 -0700
committerCopybara-Service <copybara-worker@google.com>Wed Mar 20 16:10:39 2019 -0700
tree8d900cd29587c021028ce62d25721539f0c4cbc1
parentdc41bf1a71fa71ffd0b7882604a8b3e7b8df70ea [diff]
Check new connection ID length before reading it

This CL fixes a buffer overflow in the NEW_CONNECTION_ID read path, and adds sanity checks to prevent similar issues from reoccuring. The issue was found by clusterfuzz:
https://bugs.chromium.org/p/chromium/issues/detail?id=943951#c4

gfe-relnote: trivial security fix when parsing invalid frame, not flag protected
PiperOrigin-RevId: 239486794
Change-Id: I70b8e7b4adfd52afbbcb3308ba7dded0416c884e
4 files changed
tree: 8d900cd29587c021028ce62d25721539f0c4cbc1
  1. http2/
  2. quic/
  3. spdy/
  4. CONTRIBUTING.md
  5. LICENSE
  6. README.md
README.md

QUICHE

QUICHE (QUIC, Http/2, Etc) is Google‘s implementation of QUIC and related protocols. It powers Chromium as well as Google’s QUIC servers and some other projects.

The code is currently in process of being moved from https://cs.chromium.org/chromium/src/net/third_party/ into this repository. Please excuse our appearance while we're under construction.