Google Git
Sign in
quiche / quiche.git / 4ff606217c21e4498176a096566278466a758aa5
commit4ff606217c21e4498176a096566278466a758aa5[log] [tgz]
authorbnc <bnc@google.com>Fri Aug 09 18:55:45 2019 -0700
committerCopybara-Service <copybara-worker@google.com>Fri Aug 09 18:56:14 2019 -0700
treebe3317985d71801c08c716f221f4b638f65e46eb
parent23e8cd84d63aaf56837e9ba7dd48fa5a93087877 [diff]
Ignore read data on PendingStream after invalid type byte is received.

This bug has been discovered by Chromium's ClusterFuzz at
https://crbug.com/969391.  I locally verified that this CL fixes the crash
with that particular fuzzer input.

https://quicwg.org/base-drafts/draft-ietf-quic-transport.html#frame-stop-sending
notes that a STOP_SENDING frame communicate that "incoming data is being
discarded on receipt".  This CL adds a single line to make PendingStream
actually discard incoming data.  Before this change, PendingStream could be
tricked into reading further data bytes by retransmitting the original stream
frame, which could have resulted in creating and activating a unidirectional
stream.

gfe-relnote: n/a, change in QUIC v99 only.
PiperOrigin-RevId: 262674708
Change-Id: Icaf0e700711b7220b36e595deb95620cac1d89af
5 files changed
tree: be3317985d71801c08c716f221f4b638f65e46eb
  1. common/
  2. epoll_server/
  3. http2/
  4. quic/
  5. spdy/
  6. CONTRIBUTING.md
  7. LICENSE
  8. README.md
README.md

QUICHE

QUICHE (QUIC, Http/2, Etc) is Google‘s implementation of QUIC and related protocols. It powers Chromium as well as Google’s QUIC servers and some other projects.

The code is currently in process of being moved from https://cs.chromium.org/chromium/src/net/third_party/ into this repository. Please excuse our appearance while we're under construction.