Index: net/quic/quic_connection.cc |
diff --git a/net/quic/quic_connection.cc b/net/quic/quic_connection.cc |
index 66560c6fe416987e6d84f1a9cebb979f7c3cc12e..8b4f4dd4387ac06eeab83526006c9ed3fcd4b468 100644 |
--- a/net/quic/quic_connection.cc |
+++ b/net/quic/quic_connection.cc |
@@ -691,6 +691,14 @@ bool QuicConnection::OnStreamFrame(const QuicStreamFrame& frame) { |
} |
if (frame.stream_id != kCryptoStreamId && |
last_decrypted_packet_level_ == ENCRYPTION_NONE) { |
+ if (FLAGS_quic_detect_memory_corrpution && |
+ MaybeConsiderAsMemoryCorruption(frame)) { |
+ CloseConnection(QUIC_MAYBE_CORRUPTED_MEMORY, |
+ "Received crypto frame on non crypto stream.", |
+ ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); |
+ return false; |
+ } |
+ |
QUIC_BUG << ENDPOINT |
<< "Received an unencrypted data frame: closing connection" |
<< " packet_number:" << last_header_.packet_number |
@@ -2434,4 +2442,28 @@ StringPiece QuicConnection::GetCurrentPacket() { |
return StringPiece(current_packet_data_, last_size_); |
} |
+bool QuicConnection::MaybeConsiderAsMemoryCorruption( |
+ const QuicStreamFrame& frame) { |
+ if (frame.stream_id == kCryptoStreamId || |
+ last_decrypted_packet_level_ != ENCRYPTION_NONE) { |
+ return false; |
+ } |
+ |
+ if (perspective_ == Perspective::IS_SERVER && |
+ frame.data_length >= sizeof(kCHLO) && |
+ strncmp(frame.data_buffer, reinterpret_cast<const char*>(&kCHLO), |
+ sizeof(kCHLO)) == 0) { |
+ return true; |
+ } |
+ |
+ if (perspective_ == Perspective::IS_CLIENT && |
+ frame.data_length >= sizeof(kREJ) && |
+ strncmp(frame.data_buffer, reinterpret_cast<const char*>(&kREJ), |
+ sizeof(kREJ)) == 0) { |
+ return true; |
+ } |
+ |
+ return false; |
+} |
+ |
} // namespace net |