tree 5ca7f892a117744bac9bb19bf6251f23be830790
parent 9193b6323eb69f38b76c4b96e58074d6fbd61cbd
author bnc <bnc@google.com> 1644846008 -0800
committer Copybara-Service <copybara-worker@google.com> 1644846056 -0800

Public fix: Limit buffering on the QPACK encoder stream.

A malicious peer may block our stack from sending data on the QPACK encoder
stream (via flow control) while still generating traffic, causing an unlimited
amount of data to be buffered.  To prevent this from happening, this CL makes
QpackEncoder check if the amount of data currently buffered on the send encoder
stream exceeds 64 kB, and if so, it does not emit any further encoder stream
instructions.  It still encodes headers in a spec-compliant way using string
literals and references to static table entries and already emitted dynamic
table entries.

Note that since the buffered amount of data is only checked at the beginning of
encoding each header block, it might increase above the threshold by as much as
encoder stream instructions required to encode the header block.  However,
subsequent header blocks will not trigger any writes on the encoder stream until
the number of buffered bytes goes back below the threshold.

Protected by FLAGS_quic_reloadable_flag_quic_limit_encoder_stream_buffering.

PiperOrigin-RevId: 428482893