Reset stream if stream frame contains data that goes beyond stream's close offset.
This fixes http://crbug/1002119
gfe-relnote: protected by gfe2_reloadable_flag_quic_rst_if_stream_frame_beyond_close_offset.
PiperOrigin-RevId: 268732204
Change-Id: I66f845e320de89e8634b1bfb0725f599fc43dfd6
diff --git a/quic/core/quic_stream.cc b/quic/core/quic_stream.cc
index 43b8db8..ae302b9 100644
--- a/quic/core/quic_stream.cc
+++ b/quic/core/quic_stream.cc
@@ -6,6 +6,7 @@
#include <string>
+#include "net/third_party/quiche/src/quic/core/quic_error_codes.h"
#include "net/third_party/quiche/src/quic/core/quic_flow_controller.h"
#include "net/third_party/quiche/src/quic/core/quic_session.h"
#include "net/third_party/quiche/src/quic/core/quic_utils.h"
@@ -163,6 +164,12 @@
return;
}
+ if (GetQuicReloadableFlag(quic_rst_if_stream_frame_beyond_close_offset) &&
+ frame.offset + frame.data_length > sequencer_.close_offset()) {
+ Reset(QUIC_DATA_AFTER_CLOSE_OFFSET);
+ return;
+ }
+
if (frame.fin) {
fin_received_ = true;
}
@@ -387,6 +394,15 @@
frame.data_length, ". ", sequencer_.DebugString()));
return;
}
+
+ if (GetQuicReloadableFlag(quic_rst_if_stream_frame_beyond_close_offset)) {
+ QUIC_RELOADABLE_FLAG_COUNT(quic_rst_if_stream_frame_beyond_close_offset);
+ if (frame.offset + frame.data_length > sequencer_.close_offset()) {
+ Reset(QUIC_DATA_AFTER_CLOSE_OFFSET);
+ return;
+ }
+ }
+
if (frame.fin) {
fin_received_ = true;
if (fin_sent_) {
