Fix object-lifetime issues in async GetProof callpaths

net/quic/core/quic_crypto_server_stream.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/core/quic_crypto_server_stream.h"
 
 #include <memory>
 
 #include "base/base64.h"
 #include "crypto/secure_hash.h"
 #include "net/quic/core/crypto/crypto_protocol.h"
 #include "net/quic/core/crypto/crypto_utils.h"
 #include "net/quic/core/crypto/quic_crypto_server_config.h"
 #include "net/quic/core/crypto/quic_random.h"
 #include "net/quic/core/proto/cached_network_parameters.pb.h"
 #include "net/quic/core/quic_config.h"
 #include "net/quic/core/quic_flags.h"
 #include "net/quic/core/quic_protocol.h"
 #include "net/quic/core/quic_server_session_base.h"
 
 using base::StringPiece;
 using std::string;
 
 namespace net {
 
+class QuicCryptoServerStream::ProcessClientHelloCallback
+    : public ProcessClientHelloResultCallback {
+ public:
+  ProcessClientHelloCallback(
+      QuicCryptoServerStream* stream,
+      const scoped_refptr<ValidateClientHelloResultCallback::Result>& result)
+      : stream_(stream), result_(result) {}
+
+  void Run(
+      QuicErrorCode error,
+      const string& error_details,
+      std::unique_ptr<CryptoHandshakeMessage> message,
+      std::unique_ptr<DiversificationNonce> diversification_nonce) override {
+    if (stream_ == nullptr) {
+      return;
+    }
+
+    // Note: set the parent's callback to nullptr here because
+    // FinishProcessingHandshakeMessageAfterProcessClientHello can be invoked
+    // from either synchronous or asynchronous codepaths.  When the synchronous
+    // codepaths are removed, this assignment should move to
+    // FinishProcessingHandshakeMessageAfterProcessClientHello.
+    stream_->process_client_hello_cb_ = nullptr;
+
+    stream_->FinishProcessingHandshakeMessageAfterProcessClientHello(
+        *result_, error, error_details, std::move(message),
+        std::move(diversification_nonce));
+  }
+
+  void Cancel() { stream_ = nullptr; }
+
+ private:
+  QuicCryptoServerStream* stream_;
+  scoped_refptr<ValidateClientHelloResultCallback::Result> result_;
+};
+
 QuicCryptoServerStreamBase::QuicCryptoServerStreamBase(QuicSession* session)
     : QuicCryptoStream(session) {}
 
 // TODO(jokulik): Once stateless rejects support is inherent in the version
 // number, this function will likely go away entirely.
 // static
 bool QuicCryptoServerStreamBase::DoesPeerSupportStatelessRejects(
     const CryptoHandshakeMessage& message) {
   const QuicTag* received_tags;
   size_t received_tags_length;
@@ skipping 12 matching lines @@
 
 QuicCryptoServerStream::QuicCryptoServerStream(
     const QuicCryptoServerConfig* crypto_config,
     QuicCompressedCertsCache* compressed_certs_cache,
     bool use_stateless_rejects_if_peer_supported,
     QuicSession* session,
     Helper* helper)
     : QuicCryptoServerStreamBase(session),
       crypto_config_(crypto_config),
       compressed_certs_cache_(compressed_certs_cache),
+      crypto_proof_(new QuicCryptoProof),
       validate_client_hello_cb_(nullptr),
       helper_(helper),
       num_handshake_messages_(0),
       num_handshake_messages_with_server_nonces_(0),
       send_server_config_update_cb_(nullptr),
       num_server_config_update_messages_sent_(0),
       use_stateless_rejects_if_peer_supported_(
           use_stateless_rejects_if_peer_supported),
       peer_supports_stateless_rejects_(false),
-      chlo_packet_size_(0) {
+      chlo_packet_size_(0),
+      process_client_hello_cb_(nullptr) {
   DCHECK_EQ(Perspective::IS_SERVER, session->connection()->perspective());
 }
 
 QuicCryptoServerStream::~QuicCryptoServerStream() {
   CancelOutstandingCallbacks();
 }
 
 void QuicCryptoServerStream::CancelOutstandingCallbacks() {
   // Detach from the validation callback.  Calling this multiple times is safe.
   if (validate_client_hello_cb_ != nullptr) {
     validate_client_hello_cb_->Cancel();
     validate_client_hello_cb_ = nullptr;
   }
   if (send_server_config_update_cb_ != nullptr) {
     send_server_config_update_cb_->Cancel();
     send_server_config_update_cb_ = nullptr;
   }
+  if (process_client_hello_cb_ != nullptr) {
+    process_client_hello_cb_->Cancel();
+    process_client_hello_cb_ = nullptr;
+  }
 }
 
 void QuicCryptoServerStream::OnHandshakeMessage(
     const CryptoHandshakeMessage& message) {
   QuicCryptoServerStreamBase::OnHandshakeMessage(message);
   ++num_handshake_messages_;
   chlo_packet_size_ = session()->connection()->GetCurrentPacket().length();
 
   // Do not process handshake messages after the handshake is confirmed.
   if (handshake_confirmed_) {
@@ skipping 18 matching lines @@
     return;
   }
 
   CryptoUtils::HashHandshakeMessage(message, &chlo_hash_);
 
   std::unique_ptr<ValidateCallback> cb(new ValidateCallback(this));
   validate_client_hello_cb_ = cb.get();
   crypto_config_->ValidateClientHello(
       message, session()->connection()->peer_address().address(),
       session()->connection()->self_address().address(), version(),
-      session()->connection()->clock(), &crypto_proof_, std::move(cb));
+      session()->connection()->clock(), crypto_proof_, std::move(cb));
 }
 
-class QuicCryptoServerStream::ProcessClientHelloCallback
-    : public ProcessClientHelloResultCallback {
- public:
-  ProcessClientHelloCallback(
-      QuicCryptoServerStream* stream,
-      const scoped_refptr<ValidateClientHelloResultCallback::Result>& result)
-      : stream_(stream), result_(result) {}
-
-  void Run(
-      QuicErrorCode error,
-      const string& error_details,
-      std::unique_ptr<CryptoHandshakeMessage> message,
-      std::unique_ptr<DiversificationNonce> diversification_nonce) override {
-    stream_->FinishProcessingHandshakeMessageAfterProcessClientHello(
-        *result_, error, error_details, std::move(message),
-        std::move(diversification_nonce));
-  }
-
- private:
-  QuicCryptoServerStream* stream_;
-  scoped_refptr<ValidateClientHelloResultCallback::Result> result_;
-};
-
 void QuicCryptoServerStream::FinishProcessingHandshakeMessage(
     scoped_refptr<ValidateClientHelloResultCallback::Result> result,
     std::unique_ptr<ProofSource::Details> details) {
   const CryptoHandshakeMessage& message = result->client_hello;
 
   // Clear the callback that got us here.
   DCHECK(validate_client_hello_cb_ != nullptr);
   validate_client_hello_cb_ = nullptr;
 
   if (use_stateless_rejects_if_peer_supported_) {
     peer_supports_stateless_rejects_ = DoesPeerSupportStatelessRejects(message);
   }
 
   std::unique_ptr<ProcessClientHelloCallback> cb(
       new ProcessClientHelloCallback(this, result));
+  process_client_hello_cb_ = cb.get();
   ProcessClientHello(result, std::move(details), std::move(cb));
 }
 
 void QuicCryptoServerStream::
     FinishProcessingHandshakeMessageAfterProcessClientHello(
         const ValidateClientHelloResultCallback::Result& result,
         QuicErrorCode error,
         const string& error_details,
         std::unique_ptr<CryptoHandshakeMessage> reply,
         std::unique_ptr<DiversificationNonce> diversification_nonce) {
@@ skipping 45 matching lines @@
 
   config->ToHandshakeMessage(reply.get());
 
   // Receiving a full CHLO implies the client is prepared to decrypt with
   // the new server write key.  We can start to encrypt with the new server
   // write key.
   //
   // NOTE: the SHLO will be encrypted with the new server write key.
   session()->connection()->SetEncrypter(
       ENCRYPTION_INITIAL,
-      crypto_negotiated_params_.initial_crypters.encrypter.release());
+      crypto_negotiated_params_->initial_crypters.encrypter.release());
   session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_INITIAL);
   // Set the decrypter immediately so that we no longer accept unencrypted
   // packets.
   session()->connection()->SetDecrypter(
       ENCRYPTION_INITIAL,
-      crypto_negotiated_params_.initial_crypters.decrypter.release());
+      crypto_negotiated_params_->initial_crypters.decrypter.release());
   if (version() > QUIC_VERSION_32) {
     session()->connection()->SetDiversificationNonce(*diversification_nonce);
   }
 
   SendHandshakeMessage(*reply);
 
   session()->connection()->SetEncrypter(
       ENCRYPTION_FORWARD_SECURE,
-      crypto_negotiated_params_.forward_secure_crypters.encrypter.release());
+      crypto_negotiated_params_->forward_secure_crypters.encrypter.release());
   session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
 
   session()->connection()->SetAlternativeDecrypter(
       ENCRYPTION_FORWARD_SECURE,
-      crypto_negotiated_params_.forward_secure_crypters.decrypter.release(),
+      crypto_negotiated_params_->forward_secure_crypters.decrypter.release(),
       false /* don't latch */);
 
   encryption_established_ = true;
   handshake_confirmed_ = true;
   session()->OnCryptoHandshakeEvent(QuicSession::HANDSHAKE_CONFIRMED);
 }
 
 void QuicCryptoServerStream::SendServerConfigUpdate(
     const CachedNetworkParameters* cached_network_params) {
   if (!handshake_confirmed_) {
@@ skipping 10 matching lines @@
     std::unique_ptr<SendServerConfigUpdateCallback> cb(
         new SendServerConfigUpdateCallback(this));
     send_server_config_update_cb_ = cb.get();
     crypto_config_->BuildServerConfigUpdateMessage(
         session()->connection()->version(), chlo_hash_,
         previous_source_address_tokens_,
         session()->connection()->self_address().address(),
         session()->connection()->peer_address().address(),
         session()->connection()->clock(),
         session()->connection()->random_generator(), compressed_certs_cache_,
-        crypto_negotiated_params_, cached_network_params, std::move(cb));
+        *crypto_negotiated_params_, cached_network_params, std::move(cb));
     return;
   }
 
   CryptoHandshakeMessage server_config_update_message;
   if (!crypto_config_->BuildServerConfigUpdateMessage(
           session()->connection()->version(), chlo_hash_,
           previous_source_address_tokens_,
           session()->connection()->self_address().address(),
           session()->connection()->peer_address().address(),
           session()->connection()->clock(),
           session()->connection()->random_generator(), compressed_certs_cache_,
-          crypto_negotiated_params_, cached_network_params,
+          *crypto_negotiated_params_, cached_network_params,
           &server_config_update_message)) {
     DVLOG(1) << "Server: Failed to build server config update (SCUP)!";
     return;
   }
 
   DVLOG(1) << "Server: Sending server config update: "
            << server_config_update_message.DebugString();
   const QuicData& data = server_config_update_message.GetSerialized();
   WriteOrBufferData(StringPiece(data.data(), data.length()), false, nullptr);
 
@@ skipping 73 matching lines @@
 
 void QuicCryptoServerStream::SetPreviousCachedNetworkParams(
     CachedNetworkParameters cached_network_params) {
   previous_cached_network_params_.reset(
       new CachedNetworkParameters(cached_network_params));
 }
 
 bool QuicCryptoServerStream::GetBase64SHA256ClientChannelID(
     string* output) const {
   if (!encryption_established_ ||
-      crypto_negotiated_params_.channel_id.empty()) {
+      crypto_negotiated_params_->channel_id.empty()) {
     return false;
   }
 
-  const string& channel_id(crypto_negotiated_params_.channel_id);
+  const string& channel_id(crypto_negotiated_params_->channel_id);
   std::unique_ptr<crypto::SecureHash> hash(
       crypto::SecureHash::Create(crypto::SecureHash::SHA256));
   hash->Update(channel_id.data(), channel_id.size());
   uint8_t digest[32];
   hash->Finish(digest, sizeof(digest));
 
   base::Base64Encode(
       string(reinterpret_cast<const char*>(digest), sizeof(digest)), output);
   // Remove padding.
   size_t len = output->size();
@@ skipping 36 matching lines @@
       peer_supports_stateless_rejects_;
   QuicConnection* connection = session()->connection();
   const QuicConnectionId server_designated_connection_id =
       GenerateConnectionIdForReject(use_stateless_rejects_in_crypto_config);
   crypto_config_->ProcessClientHello(
       result, /*reject_only=*/false, connection->connection_id(),
       connection->self_address().address(), connection->peer_address(),
       version(), connection->supported_versions(),
       use_stateless_rejects_in_crypto_config, server_designated_connection_id,
       connection->clock(), connection->random_generator(),
-      compressed_certs_cache_, &crypto_negotiated_params_, &crypto_proof_,
+      compressed_certs_cache_, crypto_negotiated_params_, crypto_proof_,
       QuicCryptoStream::CryptoMessageFramingOverhead(version()),
       chlo_packet_size_, std::move(done_cb));
 }
 
 void QuicCryptoServerStream::OverrideQuicConfigDefaults(QuicConfig* config) {}
 
 QuicCryptoServerStream::ValidateCallback::ValidateCallback(
     QuicCryptoServerStream* parent)
     : parent_(parent) {}
 
@@ skipping 13 matching lines @@
 QuicConnectionId QuicCryptoServerStream::GenerateConnectionIdForReject(
     bool use_stateless_rejects) {
   if (!use_stateless_rejects) {
     return 0;
   }
   return helper_->GenerateConnectionIdForReject(
       session()->connection()->connection_id());
 }
 
 }  // namespace net