commit 9320ca7860c3aa427cf14c1f51b53964c7b0ae58
author fayang <fayang@google.com> Mon Aug 03 13:02:59 2020 -0700
committer Copybara-Service <copybara-worker@google.com> Mon Aug 03 13:03:26 2020 -0700
tree ce1c8c4bd65e10acbd4a49cd05f8eb015054bf40
parent c27771b5acdf48f46a53c904cfebd1f22fddb02f

In QUIC, when creator is consuming data in fast path, close connection if stream data is sent in the wrong encryption level. Protected by gfe2_reloadable_flag_quic_check_encryption_level_in_fast_path.

PiperOrigin-RevId: 324666221
Change-Id: I370f76efb1127636e66215fc0fb8dc8b60879988

quic/core/quic_packet_creator.cc

diff --git a/quic/core/quic_packet_creator.cc b/quic/core/quic_packet_creator.cc
index 109042f..f842538 100644
--- a/quic/core/quic_packet_creator.cc
+++ b/quic/core/quic_packet_creator.cc
@@ -1324,6 +1324,13 @@
     bool fin,
     size_t total_bytes_consumed) {
   DCHECK(!QuicUtils::IsCryptoStreamId(transport_version(), id));
+  if (GetQuicReloadableFlag(quic_check_encryption_level_in_fast_path)) {
+    QUIC_RELOADABLE_FLAG_COUNT(quic_check_encryption_level_in_fast_path);
+    if (AttemptingToSendUnencryptedStreamData()) {
+      return QuicConsumedData(total_bytes_consumed,
+                              fin && (total_bytes_consumed == write_length));
+    }
+  }
 
   while (total_bytes_consumed < write_length &&
          delegate_->ShouldGeneratePacket(HAS_RETRANSMITTABLE_DATA,
@@ -1612,14 +1619,7 @@
   if (frame.type == STREAM_FRAME &&
       !QuicUtils::IsCryptoStreamId(framer_->transport_version(),
                                    frame.stream_frame.stream_id) &&
-      (packet_.encryption_level == ENCRYPTION_INITIAL ||
-       packet_.encryption_level == ENCRYPTION_HANDSHAKE)) {
-    const std::string error_details =
-        quiche::QuicheStrCat("Cannot send stream data with level: ",
-                             EncryptionLevelToString(packet_.encryption_level));
-    QUIC_BUG << error_details;
-    delegate_->OnUnrecoverableError(
-        QUIC_ATTEMPT_TO_SEND_UNENCRYPTED_STREAM_DATA, error_details);
+      AttemptingToSendUnencryptedStreamData()) {
     return false;
   }
 
@@ -1949,6 +1949,20 @@
   return largest_payload;
 }
 
+bool QuicPacketCreator::AttemptingToSendUnencryptedStreamData() {
+  if (packet_.encryption_level == ENCRYPTION_ZERO_RTT ||
+      packet_.encryption_level == ENCRYPTION_FORWARD_SECURE) {
+    return false;
+  }
+  const std::string error_details =
+      quiche::QuicheStrCat("Cannot send stream data with level: ",
+                           EncryptionLevelToString(packet_.encryption_level));
+  QUIC_BUG << error_details;
+  delegate_->OnUnrecoverableError(QUIC_ATTEMPT_TO_SEND_UNENCRYPTED_STREAM_DATA,
+                                  error_details);
+  return true;
+}
+
 bool QuicPacketCreator::HasIetfLongHeader() const {
   return VersionHasIetfInvariantHeader(framer_->transport_version()) &&
          packet_.encryption_level < ENCRYPTION_FORWARD_SECURE;