Use the CHLO packet size, not message size when determining how large a REJ can be. Protected by --…

net/quic/core/crypto/quic_crypto_server_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/core/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 
 #include <algorithm>
 #include <memory>
@@ skipping 549 matching lines @@
     const IPEndPoint& client_address,
     QuicVersion version,
     const QuicVersionVector& supported_versions,
     bool use_stateless_rejects,
     QuicConnectionId server_designated_connection_id,
     const QuicClock* clock,
     QuicRandom* rand,
     QuicCompressedCertsCache* compressed_certs_cache,
     QuicCryptoNegotiatedParameters* params,
     QuicCryptoProof* crypto_proof,
+    QuicByteCount total_framing_overhead,
+    QuicByteCount chlo_packet_size,
     CryptoHandshakeMessage* out,
     DiversificationNonce* out_diversification_nonce,
     string* error_details) const {
   DCHECK(error_details);
 
   const CryptoHandshakeMessage& client_hello =
       validate_chlo_result.client_hello;
   const ClientHelloInfo& info = validate_chlo_result.info;
 
   QuicErrorCode valid = CryptoUtils::ValidateClientHello(
@@ skipping 54 matching lines @@
   StringPiece cert_sct;
   if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) &&
       cert_sct.empty()) {
     params->sct_supported_by_client = true;
   }
 
   if (!info.reject_reasons.empty() || !requested_config.get()) {
     BuildRejection(version, *primary_config, client_hello, info,
                    validate_chlo_result.cached_network_params,
                    use_stateless_rejects, server_designated_connection_id, rand,
-                   compressed_certs_cache, params, *crypto_proof, out);
+                   compressed_certs_cache, params, *crypto_proof,
+                   total_framing_overhead, chlo_packet_size, out);
     return QUIC_NO_ERROR;
   }
 
   if (reject_only) {
     return QUIC_NO_ERROR;
   }
 
   const QuicTag* their_aeads;
   const QuicTag* their_key_exchanges;
   size_t num_their_aeads, num_their_key_exchanges;
@@ skipping 780 matching lines @@
     const Config& config,
     const CryptoHandshakeMessage& client_hello,
     const ClientHelloInfo& info,
     const CachedNetworkParameters& cached_network_params,
     bool use_stateless_rejects,
     QuicConnectionId server_designated_connection_id,
     QuicRandom* rand,
     QuicCompressedCertsCache* compressed_certs_cache,
     QuicCryptoNegotiatedParameters* params,
     const QuicCryptoProof& crypto_proof,
+    QuicByteCount total_framing_overhead,
+    QuicByteCount chlo_packet_size,
     CryptoHandshakeMessage* out) const {
   if (FLAGS_enable_quic_stateless_reject_support && use_stateless_rejects) {
     DVLOG(1) << "QUIC Crypto server config returning stateless reject "
              << "with server-designated connection ID "
              << server_designated_connection_id;
     out->set_tag(kSREJ);
     out->SetValue(kRCID, server_designated_connection_id);
   } else {
     out->set_tag(kREJ);
   }
@@ skipping 24 matching lines @@
   StringPiece client_cached_cert_hashes;
   if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) {
     params->client_cached_cert_hashes = client_cached_cert_hashes.as_string();
   }
 
   const string compressed =
       CompressChain(compressed_certs_cache, crypto_proof.chain,
                     params->client_common_set_hashes,
                     params->client_cached_cert_hashes, config.common_cert_sets);
 
+  DCHECK_GT(chlo_packet_size, client_hello.size());
   // kREJOverheadBytes is a very rough estimate of how much of a REJ
   // message is taken up by things other than the certificates.
   // STK: 56 bytes
   // SNO: 56 bytes
   // SCFG
   //   SCID: 16 bytes
   //   PUBS: 38 bytes
   const size_t kREJOverheadBytes = 166;
   // max_unverified_size is the number of bytes that the certificate chain,
   // signature, and (optionally) signed certificate timestamp can consume before
   // we will demand a valid source-address token.
-  const size_t max_unverified_size =
+  const size_t old_max_unverified_size =
       client_hello.size() * chlo_multiplier_ - kREJOverheadBytes;
+  const size_t new_max_unverified_size =
+      chlo_multiplier_ * (chlo_packet_size - total_framing_overhead) -
+      kREJOverheadBytes;
+  const size_t max_unverified_size = FLAGS_quic_use_chlo_packet_size
+                                         ? new_max_unverified_size
+                                         : old_max_unverified_size;
   static_assert(kClientHelloMinimumSize * kMultiplier >= kREJOverheadBytes,
                 "overhead calculation may underflow");
   bool should_return_sct =
       params->sct_supported_by_client && enable_serving_sct_;
   const size_t sct_size = should_return_sct ? crypto_proof.cert_sct.size() : 0;
   if (info.valid_source_address_token ||
       crypto_proof.signature.size() + compressed.size() + sct_size <
           max_unverified_size) {
     out->SetStringPiece(kCertificateTag, compressed);
     out->SetStringPiece(kPROF, crypto_proof.signature);
@@ skipping 525 matching lines @@
       priority(0),
       source_address_token_boxer(nullptr) {}
 
 QuicCryptoServerConfig::Config::~Config() {
   STLDeleteElements(&key_exchanges);
 }
 
 QuicCryptoProof::QuicCryptoProof() {}
 QuicCryptoProof::~QuicCryptoProof() {}
 }  // namespace net