commit 01918c04f1e80fa73b19a4c3557fdea6c54f77ee
author bnc <bnc@google.com> Thu Aug 08 07:08:47 2019 -0700
committer Copybara-Service <copybara-worker@google.com> Thu Aug 08 07:30:33 2019 -0700
tree e214b07d0e4d7a827a3011b55b11d57abfd2070e
parent e7f67964e96d91e09bb5da5a316ffd7b89e57beb

Signal error in HttpDecoder if frames have disallowed extra payload.

gfe-relnote: n/a, change to QUIC v99-only code.  Protected by existing disabled gfe2_reloadable_flag_quic_enable_version_99.
PiperOrigin-RevId: 262344819
Change-Id: Ie0e82fc87f9da8e2533a177a062f58edefe35cb7

quic/core/http/http_decoder.cc

diff --git a/quic/core/http/http_decoder.cc b/quic/core/http/http_decoder.cc
index 1a89324..227a839 100644
--- a/quic/core/http/http_decoder.cc
+++ b/quic/core/http/http_decoder.cc
@@ -314,6 +314,11 @@
         RaiseError(QUIC_INVALID_FRAME_DATA, "Unable to read push_id");
         return false;
       }
+      if (!reader.IsDoneReading()) {
+        RaiseError(QUIC_INVALID_FRAME_DATA,
+                   "Superfluous data in CANCEL_PUSH frame.");
+        return false;
+      }
       continue_processing = visitor_->OnCancelPushFrame(frame);
       break;
     }
@@ -344,6 +349,11 @@
         RaiseError(QUIC_INVALID_FRAME_DATA, "Unable to read GOAWAY stream_id");
         return false;
       }
+      if (!reader.IsDoneReading()) {
+        RaiseError(QUIC_INVALID_FRAME_DATA,
+                   "Superfluous data in GOAWAY frame.");
+        return false;
+      }
       frame.stream_id = static_cast<QuicStreamId>(stream_id);
       continue_processing = visitor_->OnGoAwayFrame(frame);
       break;
@@ -357,6 +367,11 @@
         RaiseError(QUIC_INVALID_FRAME_DATA, "Unable to read push_id");
         return false;
       }
+      if (!reader.IsDoneReading()) {
+        RaiseError(QUIC_INVALID_FRAME_DATA,
+                   "Superfluous data in MAX_PUSH_ID frame.");
+        return false;
+      }
       continue_processing = visitor_->OnMaxPushIdFrame(frame);
       break;
     }
@@ -369,6 +384,11 @@
         RaiseError(QUIC_INVALID_FRAME_DATA, "Unable to read push_id");
         return false;
       }
+      if (!reader.IsDoneReading()) {
+        RaiseError(QUIC_INVALID_FRAME_DATA,
+                   "Superfluous data in DUPLICATE_PUSH frame.");
+        return false;
+      }
       continue_processing = visitor_->OnDuplicatePushFrame(frame);
       break;
     }
@@ -482,12 +502,12 @@
   if (!reader->ReadUInt8(&frame->weight)) {
     // TODO(b/124216424): Use HTTP_MALFORMED_FRAME.
     RaiseError(QUIC_INVALID_FRAME_DATA,
-               "Unable to read priority frame weight.");
+               "Unable to read PRIORITY frame weight.");
     return false;
   }
   if (!reader->IsDoneReading()) {
     // TODO(b/124216424): Use HTTP_MALFORMED_FRAME.
-    RaiseError(QUIC_INVALID_FRAME_DATA, "Superfluous data in priority frame.");
+    RaiseError(QUIC_INVALID_FRAME_DATA, "Superfluous data in PRIORITY frame.");
     return false;
   }
   return true;

quic/core/http/http_decoder_test.cc

diff --git a/quic/core/http/http_decoder_test.cc b/quic/core/http/http_decoder_test.cc
index 313af62..cbadf3b 100644
--- a/quic/core/http/http_decoder_test.cc
+++ b/quic/core/http/http_decoder_test.cc
@@ -388,11 +388,11 @@
       {payload1, 0, "Unable to read PRIORITY frame flags."},
       {payload1, 1, "Unable to read prioritized_element_id."},
       {payload1, 2, "Unable to read element_dependency_id."},
-      {payload1, 3, "Unable to read priority frame weight."},
-      {payload1, 5, "Superfluous data in priority frame."},
+      {payload1, 3, "Unable to read PRIORITY frame weight."},
+      {payload1, 5, "Superfluous data in PRIORITY frame."},
       {payload2, 0, "Unable to read PRIORITY frame flags."},
-      {payload2, 1, "Unable to read priority frame weight."},
-      {payload2, 3, "Superfluous data in priority frame."},
+      {payload2, 1, "Unable to read PRIORITY frame weight."},
+      {payload2, 3, "Superfluous data in PRIORITY frame."},
   };
 
   for (const auto& test_data : kTestData) {
@@ -837,6 +837,11 @@
                     "\x01"   // length
                     "\x40",  // first byte of two-byte varint push id
                     "Unable to read push_id"},
+                   {"\x03"  // type (CANCEL_PUSH)
+                    "\x04"  // length
+                    "\x05"  // valid push id
+                    "foo",  // superfluous data
+                    "Superfluous data in CANCEL_PUSH frame."},
                    {"\x05"   // type (PUSH_PROMISE)
                     "\x01"   // length
                     "\x40",  // first byte of two-byte varint push id
@@ -845,14 +850,29 @@
                     "\x01"   // length
                     "\x40",  // first byte of two-byte varint push id
                     "Unable to read push_id"},
+                   {"\x0D"  // type (MAX_PUSH_ID)
+                    "\x04"  // length
+                    "\x05"  // valid push id
+                    "foo",  // superfluous data
+                    "Superfluous data in MAX_PUSH_ID frame."},
                    {"\x0E"   // type (DUPLICATE_PUSH)
                     "\x01"   // length
                     "\x40",  // first byte of two-byte varint push id
                     "Unable to read push_id"},
+                   {"\x0E"  // type (DUPLICATE_PUSH)
+                    "\x04"  // length
+                    "\x05"  // valid push id
+                    "foo",  // superfluous data
+                    "Superfluous data in DUPLICATE_PUSH frame."},
                    {"\x07"   // type (GOAWAY)
                     "\x01"   // length
                     "\x40",  // first byte of two-byte varint stream id
-                    "Unable to read GOAWAY stream_id"}};
+                    "Unable to read GOAWAY stream_id"},
+                   {"\x07"  // type (GOAWAY)
+                    "\x04"  // length
+                    "\x05"  // valid stream id
+                    "foo",  // superfluous data
+                    "Superfluous data in GOAWAY frame."}};
 
   for (const auto& test_data : kTestData) {
     {