x/net/quic: excess CRYPTO data not cleaned up after keys discarded #70704
Assignees
Milestone
Comments
|
Related Issues (Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.) |
|
Change https://go.dev/cl/634617 mentions this issue: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When a CRYPTO frame contains data which results in us discarding packet protection keys for a number space, we should verify that we don't have any excess buffered crypto data.
For example, if we receive CRYPTO frames in the Initial space containing bytes 0-100 and 101-200, and the 0-100 segment causes us to drop packet protection keys for the Initial space, the excess data (bytes 101-200) is erroneous and should result in the connection being closed.
(SImplest option here might be to avoid providing data to the TLS stack if we've got any gaps in the CRYPTO stream, and then let the TLS layer complain about receiving too much data.)
The text was updated successfully, but these errors were encountered: