net/quic/crypto/quic_crypto_server_config.cc - Issue 186313002: Make the VER tag required in QUIC CHLO and SHLO messages.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 186313002: Make the VER tag required in QUIC CHLO and SHLO messages. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: net/quic/crypto/quic_crypto_server_config.cc

diff --git a/net/quic/crypto/quic_crypto_server_config.cc b/net/quic/crypto/quic_crypto_server_config.cc

index 52ff70908942f92f46c0045c89b854d75c33f4c1..26648a801f2ac701e36d2d5d5cccf4c2464be00d 100644

--- a/net/quic/crypto/quic_crypto_server_config.cc

+++ b/net/quic/crypto/quic_crypto_server_config.cc

@@ -484,18 +484,19 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(

// case, we need to make sure that we actually do not support this version

// and that it wasn't a downgrade attack.

QuicTag client_version_tag;

- // TODO(rch): Make this check mandatory when we remove QUIC_VERSION_12.

- if (client_hello.GetUint32(kVER, &client_version_tag) == QUIC_NO_ERROR) {

- QuicVersion client_version = QuicTagToQuicVersion(client_version_tag);

- if (client_version != version) {

- // Just because client_version is a valid version enum doesn't mean that

- // this server actually supports that version, so we check to see if

- // it's actually in the supported versions list.

- for (size_t i = 0; i < supported_versions.size(); ++i) {

- if (client_version == supported_versions[i]) {

- *error_details = "Downgrade attack detected";

- return QUIC_VERSION_NEGOTIATION_MISMATCH;

- }

+ if (client_hello.GetUint32(kVER, &client_version_tag) != QUIC_NO_ERROR) {

+ *error_details = "client hello missing version list";

+ return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;

+ }

+ QuicVersion client_version = QuicTagToQuicVersion(client_version_tag);

+ if (client_version != version) {

+ // Just because client_version is a valid version enum doesn't mean that

+ // this server actually supports that version, so we check to see if

+ // it's actually in the supported versions list.

+ for (size_t i = 0; i < supported_versions.size(); ++i) {

+ if (client_version == supported_versions[i]) {

+ *error_details = "Downgrade attack detected";

+ return QUIC_VERSION_NEGOTIATION_MISMATCH;

}

« no previous file with comments | « net/quic/crypto/quic_crypto_client_config.cc ('k') | no next file » | no next file with comments »