Landing Recent QUIC changes until 5/14/2016 02:25:25 UTC

net/quic/quic_session.cc

Index: net/quic/quic_session.cc
diff --git a/net/quic/quic_session.cc b/net/quic/quic_session.cc
index 542b518f29fab8d9ed9b2883f4efb440fd797d89..3a433e58da0f026e403c3c56a8c4684f79f9eef5 100644
--- a/net/quic/quic_session.cc
+++ b/net/quic/quic_session.cc
@@ -239,11 +239,25 @@ void QuicSession::ProcessUdpPacket(const IPEndPoint& self_address,
 }
 
 QuicConsumedData QuicSession::WritevData(
+    ReliableQuicStream* stream,
     QuicStreamId id,
     QuicIOVector iov,
     QuicStreamOffset offset,
     bool fin,
     QuicAckListenerInterface* ack_notifier_delegate) {
+  // This check is an attempt to deal with potential memory corruption
+  // in which |id| ends up set to 1 (the crypto stream id). If this happen
+  // it might end up resulting in unencrypted stream data being sent.
+  // While this is impossible to avoid given sufficient corruption, this
+  // seems like a reasonable mitigation.
+  if (id == kCryptoStreamId && stream != GetCryptoStream()) {
+    QUIC_BUG << "Stream id mismatch";
+    connection_->CloseConnection(
+        QUIC_INTERNAL_ERROR,
+        "Non-crypto stream attempted to write data as crypto stream.",
+        ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET);
+    return QuicConsumedData(0, false);
+  }
   if (!IsEncryptionEstablished() && id != kCryptoStreamId) {
     // Do not let streams write without encryption. The calling stream will end
     // up write blocked until OnCanWrite is next called.