Closed
Bug 1291814
Opened 8 years ago
Closed 8 years ago
enforce increasing h2 push ids
Categories
(Core :: Networking: HTTP, defect)
RESOLVED
FIXED
mozilla51
Tracking | Status | |
---|---|---|
firefox51 | --- | fixed |
People
(Reporter: mcmanus, Assigned: mcmanus)
Details
(Whiteboard: [spdy][necko-active])
Attachments
(1 file)
3.01 KB, patch | u408661: review+
There is a public blackhat attack today against h2 servers where stream ids are recycled instead of being always increasing. It looks like they got a server to have a UAF problem. The same technique could be used against the client via server push - we don't enforce that the stream ids are increasing. However, I'm pretty confident nothing particularly bad would happen - if the stream still existed we would reset the push (so you wouldn't be able to attach and then wait for it to be freed prematurely), and if the stream no longer existed we would accept it but it would go through the normal lifecycle just like if it were a bigger ID. Nonetheless, it's not cool and 7540 tells us to reset the connection with protocol error in this case. Let's do that.
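The check requested in the description above, as an added sketch that is not part of the original bug or the landed patch: a client-side tracker that rejects any PUSH_PROMISE whose promised stream id is not strictly greater than the last one it accepted. All names (`PushIdTracker`, `PushCheck`, `ReadPromisedId`) are hypothetical, the payload is assumed to be unpadded, and the even/non-zero test for server-initiated ids goes beyond what the description mentions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical names for illustration; this is not Firefox's Http2Session code.
enum class PushCheck { Accept, ProtocolError, FrameSizeError };

// Read the 31-bit Promised Stream ID from the first 4 bytes of an unpadded
// PUSH_PROMISE payload (assumption: no padding); the reserved bit is masked.
inline bool ReadPromisedId(const uint8_t* payload, size_t len, uint32_t* id) {
  if (len < 4) return false;
  *id = ((uint32_t(payload[0]) << 24) | (uint32_t(payload[1]) << 16) |
         (uint32_t(payload[2]) << 8) | uint32_t(payload[3])) & 0x7fffffffu;
  return true;
}

class PushIdTracker {
 public:
  // Any result other than Accept is a connection error: the caller resets
  // the whole connection, not only the offending stream.
  PushCheck OnPushPromise(const uint8_t* payload, size_t len) {
    uint32_t id = 0;
    if (!ReadPromisedId(payload, len, &id)) return PushCheck::FrameSizeError;
    // Server-initiated stream ids are even and non-zero.
    if (id == 0 || (id & 1)) return PushCheck::ProtocolError;
    // Strictly increasing: a recycled or lower id is refused even when the
    // earlier stream with that id has already been closed and freed.
    if (id <= mLastPromisedId) return PushCheck::ProtocolError;
    mLastPromisedId = id;
    return PushCheck::Accept;
  }
  uint32_t LastPromisedId() const { return mLastPromisedId; }

 private:
  uint32_t mLastPromisedId = 0;
};

int main() {
  // Constructed sample payloads: promised ids 2, 4, then 2 again (recycled).
  const uint8_t frames[3][4] = {{0, 0, 0, 2}, {0, 0, 0, 4}, {0, 0, 0, 2}};
  PushIdTracker tracker;
  for (const auto& f : frames)
    std::printf("%d\n", static_cast<int>(tracker.OnPushPromise(f, 4)));
  return 0;
}
```

Because the comparison is against the highest id ever accepted rather than the set of live streams, the outcome does not depend on whether the earlier stream object still exists.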
Comment 1•8 years ago
https://treeherder.mozilla.org/#/jobs?repo=try&revision=d7960b51ce21
Comment 2•8 years ago
Attachment #8777481 -
Flags: review?(hurley)
Updated•8 years ago
Assignee: nobody → mcmanus
Status: NEW → ASSIGNED
Attachment #8777481 -
Flags: review?(hurley) → review+
Updated•8 years ago
Keywords: checkin-needed
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/4563f1ee1d06
enforce h2 increasing push ids. r=hurley
Keywords: checkin-needed
Comment 4•8 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/4563f1ee1d06
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox51:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51