Limit the amount of incoming crypto data that will be buffered. gfe-relnote: protected by disabled flag-protected QUIC_VERSION_48 PiperOrigin-RevId: 266019141 Change-Id: Ife996bdf80a28b3bcce4b02cda49bff0fd23a071

commit: 486a8a944b8acbaea46fd0ccdaf48a9eb98c677d [log] [tgz]
author: nharper <nharper@google.com> Wed Aug 28 16:25:10 2019 -0700
committer: Copybara-Service <copybara-worker@google.com> Fri Aug 30 10:44:53 2019 -0700
tree: c974002bab4954d8574af5bedd62f616bf1dc6b7
parent: 7ba5a74cfaba6f138a7a5c8e0710d1ecfca29da7 [diff] [blame]
diff --git a/quic/core/quic_crypto_stream.cc b/quic/core/quic_crypto_stream.cc
index 9d70139..e5b13f1 100644
--- a/quic/core/quic_crypto_stream.cc
+++ b/quic/core/quic_crypto_stream.cc

@@ -78,6 +78,11 @@
       << "Versions less than 47 shouldn't receive CRYPTO frames";
   EncryptionLevel level = session()->connection()->last_decrypted_level();
   substreams_[level].sequencer.OnCryptoFrame(frame);
+  if (substreams_[level].sequencer.NumBytesBuffered() >
+      BufferSizeLimitForLevel(frame.level)) {
+    CloseConnectionWithDetails(QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA,
+                               "Too much crypto data received");
+  }
 }
 
 void QuicCryptoStream::OnStreamFrame(const QuicStreamFrame& frame) {
@@ -181,6 +186,10 @@
   send_buffer->OnStreamDataConsumed(bytes_consumed);
 }
 
+size_t QuicCryptoStream::BufferSizeLimitForLevel(EncryptionLevel) const {
+  return GetQuicFlag(FLAGS_quic_max_buffered_crypto_bytes);
+}
+
 void QuicCryptoStream::OnSuccessfulVersionNegotiation(
     const ParsedQuicVersion& /*version*/) {}
commit	486a8a944b8acbaea46fd0ccdaf48a9eb98c677d	[log] [tgz]
author	nharper <nharper@google.com>	Wed Aug 28 16:25:10 2019 -0700
committer	Copybara-Service <copybara-worker@google.com>	Fri Aug 30 10:44:53 2019 -0700
tree	c974002bab4954d8574af5bedd62f616bf1dc6b7
parent	7ba5a74cfaba6f138a7a5c8e0710d1ecfca29da7 [diff] [blame]