Fix check for QuicFramer detecting old header format with new version
Fixes crbug.com/958752, crbug.com/958665, crbug.com/958633
gfe-relnote: Fix bug found by fuzzer; protected by QUIC_VERSION_99 and reloadable flag quic_v44_disable_trial_decryption
PiperOrigin-RevId: 246414836
Change-Id: Iac1a21476e151d382e901133a0209eadd2e17a83
diff --git a/quic/core/quic_framer.cc b/quic/core/quic_framer.cc
index eb1c8c0..303dca2 100644
--- a/quic/core/quic_framer.cc
+++ b/quic/core/quic_framer.cc
@@ -2404,7 +2404,19 @@
"Visitor asked to stop processing of unauthenticated header.");
return false;
}
- if (!header->version_flag && version().KnowsWhichDecrypterToUse()) {
+ // The function we are in is called because the framer believes that it is
+ // processing a packet that uses the non-IETF (i.e. Google QUIC) packet header
+ // type. Usually, the framer makes that decision based on the framer's
+ // version, but when the framer is used with Perspective::IS_SERVER, then
+ // before version negotiation is complete (specifically, before
+ // InferPacketHeaderTypeFromVersion is called), this decision is made based on
+ // the type byte of the packet.
+ //
+ // If the framer's version KnowsWhichDecrypterToUse, then that version expects
+ // to use the IETF packet header type. If that's the case and we're in this
+ // function, then the packet received is invalid: the framer was expecting an
+ // IETF packet header and didn't get one.
+ if (version().KnowsWhichDecrypterToUse()) {
set_detailed_error("Invalid public header type for expected version.");
return RaiseError(QUIC_INVALID_PACKET_HEADER);
}
