Google Git
Sign in
quiche / quiche.git / e0df3f7007a2d0bc68d3bcde617936a652377c75
commite0df3f7007a2d0bc68d3bcde617936a652377c75[log] [tgz]
authordschinazi <dschinazi@google.com>Mon May 06 16:37:51 2019 -0700
committerCopybara-Service <copybara-worker@google.com>Tue May 07 07:21:42 2019 -0700
tree28d83099d11f582bdd3c2d9171ee7d1e315f5b42
parent244f6dcc1f007cb0517b5f659ec8a9f6dce2b562 [diff]
Make client drop packets with wrong versions

In Google QUIC, packets with the version flag set and a different version number were version negotiation packets. In IETF QUIC, version negotiation packets have their own format, and it is now possible for a client to receive a packet that is not a version negotiation packet but still has a version different from what it expects. Those packets must be dropped.

This issue was found by Chromium clusterfuzz:
https://bugs.chromium.org/p/chromium/issues/detail?id=959143
I was able to reproduce the fuzzer DCHECK failure and verify that the fix prevents it.

gfe-relnote: client-only change to handling of packets with invalid versions, not flag protected
PiperOrigin-RevId: 246921247
Change-Id: I6610c9cd8c667bfad62fd335cc7f45fc425d3d2e
2 files changed
tree: 28d83099d11f582bdd3c2d9171ee7d1e315f5b42
  1. common/
  2. epoll_server/
  3. http2/
  4. quic/
  5. spdy/
  6. CONTRIBUTING.md
  7. LICENSE
  8. README.md
README.md

QUICHE

QUICHE (QUIC, Http/2, Etc) is Google‘s implementation of QUIC and related protocols. It powers Chromium as well as Google’s QUIC servers and some other projects.

The code is currently in process of being moved from https://cs.chromium.org/chromium/src/net/third_party/ into this repository. Please excuse our appearance while we're under construction.