Chromium Code Reviews
Description: Prevent multiple simultaneous calls to GetProof
If a malicious or buggy client sends a bunch of CHLOs close together, we
can end up in the following pathological situation:
- The first CHLO is processed in
QuicCryptoServerStream::OnHandshakeMessage, and triggers a call to
ValidateClientHello.
- The ValidateClientHello completes into
QuicCryptoServerStream::FinishProcessingHandshakeMessage, which kicks
off a call to ProcessClientHello.
- While that's going on, another CHLO arrives and
QuicCryptoServerStream::OnHandshakeMessage is called again, kicking off
another call to ValidateClientHello.
Now we are in a situation where two calls to GetProof can be running at
the same time, which is not allowed.
The fix is to note and enforce that the validate_client_hello_cb_ and
process_client_hello_cb_ fields should not be populated at the same
time. Now, the second call to OnHandshakeMessage will detect that CHLO
processing is already in progress, and close the connection.
relnote: Avoid a QUIC crash which can be triggered by a malicious or
buggy client, especially when GFE is using Mentat for signing.
Protected by default-enabled flag
quic_reloadable_flag_fix_quic_callback_crash.
Merge internal change: 151698587
BUG=
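A simplified model of the guard described above, added here as an illustration and not code from the Chromium change itself; the class and method names are hypothetical stand-ins for QuicCryptoServerStream, and the asynchronous ValidateClientHello/ProcessClientHello completions are driven manually so the race can be reproduced and the check observed.

```cpp
// Added model (not Chromium code) of the guard described in the change:
// a CHLO that arrives while validate_client_hello_cb_ or
// process_client_hello_cb_ is populated closes the connection instead of
// starting a second ValidateClientHello/GetProof. Names are hypothetical.
#include <functional>
#include <string>

class ServerStreamModel {
 public:
  // Models OnHandshakeMessage. Returns false if the CHLO was rejected.
  bool OnHandshakeMessage(const std::string& chlo) {
    if (connection_closed_) return false;
    // The fix: refuse to start validation while a previous CHLO is still
    // being validated or processed (either callback field populated).
    if (validate_client_hello_cb_ || process_client_hello_cb_) {
      connection_closed_ = true;
      return false;
    }
    validate_client_hello_cb_ = [this, chlo] { FinishProcessingHandshakeMessage(chlo); };
    return true;
  }
  // Models asynchronous completion of ValidateClientHello.
  void CompleteValidation() {
    if (!validate_client_hello_cb_) return;
    // Clear the validate callback before the hand-off so the two callback
    // fields are never populated at the same time.
    std::function<void()> cb = validate_client_hello_cb_;
    validate_client_hello_cb_ = nullptr;
    cb();
  }
  // Models asynchronous completion of ProcessClientHello.
  void CompleteProcessing() {
    if (!process_client_hello_cb_) return;
    std::function<void()> cb = process_client_hello_cb_;
    process_client_hello_cb_ = nullptr;
    cb();
  }
  // The invariant the change enforces: never both populated.
  bool InvariantHolds() const {
    return !(validate_client_hello_cb_ && process_client_hello_cb_);
  }
  bool connection_closed() const { return connection_closed_; }
  int handshakes_completed() const { return handshakes_completed_; }

 private:
  void FinishProcessingHandshakeMessage(const std::string&) {
    process_client_hello_cb_ = [this] { ++handshakes_completed_; };
  }
  std::function<void()> validate_client_hello_cb_, process_client_hello_cb_;
  int handshakes_completed_ = 0;
  bool connection_closed_ = false;
};
```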
Patch Set 1
Patch Set 2: Change to use MockClock
Total messages: 11 (9 generated)