Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(90)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/quic_spdy_session.cc

Issue 1975483003: Fixes use-after-free bug in QUIC. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@2704
Patch Set: Removes use of QuicHeaderList from merge CL. Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/quic/quic_session_test.cc ('k') | net/quic/quic_spdy_stream.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2015 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/quic_spdy_session.h" 5 #include "net/quic/quic_spdy_session.h"
6 6
7 #include "net/quic/quic_bug_tracker.h" 7 #include "net/quic/quic_bug_tracker.h"
8 #include "net/quic/quic_headers_stream.h" 8 #include "net/quic/quic_headers_stream.h"
9 9
10 using std::string; 10 using std::string;
11 11
12 namespace net { 12 namespace net {
13 13
14 QuicSpdySession::QuicSpdySession(QuicConnection* connection, 14 QuicSpdySession::QuicSpdySession(QuicConnection* connection,
15 const QuicConfig& config) 15 const QuicConfig& config)
16 : QuicSession(connection, config) {} 16 : QuicSession(connection, config) {}
17 17
18 QuicSpdySession::~QuicSpdySession() {} 18 QuicSpdySession::~QuicSpdySession() {
19 // Set the streams' session pointers in closed and dynamic stream lists
20 // to null to avoid subsequent use of this session.
21 for (auto const& stream : *closed_streams()) {
22 static_cast<QuicSpdyStream*>(stream)->ClearSession();
23 }
24 for (auto const& kv : dynamic_streams()) {
25 static_cast<QuicSpdyStream*>(kv.second)->ClearSession();
26 }
27 }
19 28
20 void QuicSpdySession::Initialize() { 29 void QuicSpdySession::Initialize() {
21 QuicSession::Initialize(); 30 QuicSession::Initialize();
22 31
23 if (perspective() == Perspective::IS_SERVER) { 32 if (perspective() == Perspective::IS_SERVER) {
24 set_largest_peer_created_stream_id(kHeadersStreamId); 33 set_largest_peer_created_stream_id(kHeadersStreamId);
25 } else { 34 } else {
26 QuicStreamId headers_stream_id = GetNextOutgoingStreamId(); 35 QuicStreamId headers_stream_id = GetNextOutgoingStreamId();
27 DCHECK_EQ(headers_stream_id, kHeadersStreamId); 36 DCHECK_EQ(headers_stream_id, kHeadersStreamId);
28 } 37 }
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
107 void QuicSpdySession::OnPromiseHeadersComplete(QuicStreamId stream_id, 116 void QuicSpdySession::OnPromiseHeadersComplete(QuicStreamId stream_id,
108 QuicStreamId promised_stream_id, 117 QuicStreamId promised_stream_id,
109 size_t frame_len) { 118 size_t frame_len) {
110 string error = "OnPromiseHeadersComplete should be overriden in client code."; 119 string error = "OnPromiseHeadersComplete should be overriden in client code.";
111 QUIC_BUG << error; 120 QUIC_BUG << error;
112 connection()->CloseConnection(QUIC_INTERNAL_ERROR, error, 121 connection()->CloseConnection(QUIC_INTERNAL_ERROR, error,
113 ConnectionCloseBehavior::SILENT_CLOSE); 122 ConnectionCloseBehavior::SILENT_CLOSE);
114 } 123 }
115 124
116 } // namespace net 125 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/quic_session_test.cc ('k') | net/quic/quic_spdy_stream.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698