Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(507)

Unified Diff: net/quic/quic_connection.cc

Issue 1983183002: Landing Recent QUIC changes until 5/14/2016 02:25:25 UTC (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: "first try to fix link error for win_clang build" Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/quic/quic_connection.h ('k') | net/quic/quic_connection_test.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/quic_connection.cc
diff --git a/net/quic/quic_connection.cc b/net/quic/quic_connection.cc
index c45fb86847542c70e251041fb5c4820a181924ec..8b4f4dd4387ac06eeab83526006c9ed3fcd4b468 100644
--- a/net/quic/quic_connection.cc
+++ b/net/quic/quic_connection.cc
@@ -691,6 +691,14 @@ bool QuicConnection::OnStreamFrame(const QuicStreamFrame& frame) {
}
if (frame.stream_id != kCryptoStreamId &&
last_decrypted_packet_level_ == ENCRYPTION_NONE) {
+ if (FLAGS_quic_detect_memory_corrpution &&
+ MaybeConsiderAsMemoryCorruption(frame)) {
+ CloseConnection(QUIC_MAYBE_CORRUPTED_MEMORY,
+ "Received crypto frame on non crypto stream.",
+ ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
+ return false;
+ }
+
QUIC_BUG << ENDPOINT
<< "Received an unencrypted data frame: closing connection"
<< " packet_number:" << last_header_.packet_number
@@ -1841,13 +1849,7 @@ void QuicConnection::SendAck() {
}
void QuicConnection::OnRetransmissionTimeout() {
- if (FLAGS_quic_always_has_unacked_packets_on_timeout) {
- DCHECK(sent_packet_manager_.HasUnackedPackets());
- } else {
- if (!sent_packet_manager_.HasUnackedPackets()) {
- return;
- }
- }
+ DCHECK(sent_packet_manager_.HasUnackedPackets());
if (close_connection_after_five_rtos_ &&
sent_packet_manager_.consecutive_rto_count() >= 4) {
@@ -2440,4 +2442,28 @@ StringPiece QuicConnection::GetCurrentPacket() {
return StringPiece(current_packet_data_, last_size_);
}
+bool QuicConnection::MaybeConsiderAsMemoryCorruption(
+ const QuicStreamFrame& frame) {
+ if (frame.stream_id == kCryptoStreamId ||
+ last_decrypted_packet_level_ != ENCRYPTION_NONE) {
+ return false;
+ }
+
+ if (perspective_ == Perspective::IS_SERVER &&
+ frame.data_length >= sizeof(kCHLO) &&
+ strncmp(frame.data_buffer, reinterpret_cast<const char*>(&kCHLO),
+ sizeof(kCHLO)) == 0) {
+ return true;
+ }
+
+ if (perspective_ == Perspective::IS_CLIENT &&
+ frame.data_length >= sizeof(kREJ) &&
+ strncmp(frame.data_buffer, reinterpret_cast<const char*>(&kREJ),
+ sizeof(kREJ)) == 0) {
+ return true;
+ }
+
+ return false;
+}
+
} // namespace net
« no previous file with comments | « net/quic/quic_connection.h ('k') | net/quic/quic_connection_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698