commit | 4ff606217c21e4498176a096566278466a758aa5 | |
---|---|---|
author | bnc <bnc@google.com> | Fri Aug 09 18:55:45 2019 -0700 |
committer | Copybara-Service <copybara-worker@google.com> | Fri Aug 09 18:56:14 2019 -0700 |
tree | be3317985d71801c08c716f221f4b638f65e46eb | |
parent | 23e8cd84d63aaf56837e9ba7dd48fa5a93087877 | |

Ignore read data on PendingStream after invalid type byte is received.

This bug has been discovered by Chromium's ClusterFuzz at https://crbug.com/969391. I locally verified that this CL fixes the crash with that particular fuzzer input.

https://quicwg.org/base-drafts/draft-ietf-quic-transport.html#frame-stop-sending notes that a STOP_SENDING frame communicates that "incoming data is being discarded on receipt". This CL adds a single line to make PendingStream actually discard incoming data.

Before this change, PendingStream could be tricked into reading further data bytes by retransmitting the original stream frame, which could have resulted in creating and activating a unidirectional stream.

gfe-relnote: n/a, change in QUIC v99 only.
PiperOrigin-RevId: 262674708
Change-Id: Icaf0e700711b7220b36e595deb95620cac1d89af

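
The failure mode described in the commit message, as an added C++ model that is not QUICHE code and not part of this commit: it replays a stream frame and its retransmission against a receiver with and without the discard step. `PendingStreamModel`, its methods and the type-byte values are hypothetical, and the rule that a duplicate frame wakes the reader is an assumption of the model.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical model of a pending unidirectional stream; not QUICHE's class.
class PendingStreamModel {
 public:
  explicit PendingStreamModel(bool discard_after_invalid_type)
      : discard_after_invalid_type_(discard_after_invalid_type) {}

  // Delivers a stream frame starting at `offset`. Returns true if this
  // delivery created and activated a unidirectional stream.
  bool OnStreamFrame(size_t offset, const std::vector<uint8_t>& data) {
    if (discarding_) return false;  // incoming data is discarded on receipt
    // Buffer only bytes not seen before; a retransmission adds nothing new.
    for (size_t i = 0; i < data.size(); ++i) {
      if (offset + i == buffer_.size()) buffer_.push_back(data[i]);
    }
    // Model assumption: every delivery, duplicates included, wakes the
    // reader, which treats the next unread byte as the stream type byte.
    if (activated_ || read_offset_ >= buffer_.size()) return false;
    const uint8_t type = buffer_[read_offset_++];
    if (!IsKnownType(type)) {
      stop_sending_sent_ = true;  // peer is told the data will be discarded
      discarding_ = discard_after_invalid_type_;  // the fix: really discard
      return false;
    }
    activated_ = true;
    return true;
  }
  bool stop_sending_sent() const { return stop_sending_sent_; }

 private:
  static bool IsKnownType(uint8_t type) { return type <= 0x01; }  // constructed
  const bool discard_after_invalid_type_;
  bool discarding_ = false, activated_ = false, stop_sending_sent_ = false;
  size_t read_offset_ = 0;
  std::vector<uint8_t> buffer_;
};

// Replays one frame and its identical retransmission (constructed bytes:
// an invalid type byte followed by a byte that is a known type value).
bool RetransmissionActivatesStream(bool discard_after_invalid_type) {
  PendingStreamModel stream(discard_after_invalid_type);
  const std::vector<uint8_t> frame = {0xFF, 0x00};
  const bool first = stream.OnStreamFrame(0, frame);
  const bool second = stream.OnStreamFrame(0, frame);
  return first || second;
}

int main() { return RetransmissionActivatesStream(true) ? 1 : 0; }
```
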
QUICHE (QUIC, Http/2, Etc) is Google's implementation of QUIC and related protocols. It powers Chromium as well as Google's QUIC servers and some other projects.

The code is currently in the process of being moved from https://cs.chromium.org/chromium/src/net/third_party/ into this repository. Please excuse our appearance while we're under construction.