New issue
Advanced search Search tips

Issue 669671 link

Starred by 1 user
Status: Fixed
Owner:
rch@chromium.org
Closed: Mar 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug-Regression



Sign in to add a comment

QUIC server configs may be cached for too long

Project Member Reported by rch@chromium.org, Nov 29 2016 
If a MITM intercepts a REJ and replaced the TTL value with a malicious value chrome will use the config for too long.

Comment 2 by rch@chromium.org, Nov 30 2016

Labels: Merge-Request-56

Comment 3 by dimu@chromium.org, Dec 1 2016

Labels: -Merge-Request-56 Merge-Approved-56 Hotlist-Merge-Approved
Your change meets the bar and is auto-approved for M56 (branch: 2924)
Project Member

Comment 4 by bugdroid1@chromium.org, Dec 1 2016

Labels: -merge-approved-56 merge-merged-2924
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f2fea22a1b2bf45314b9fedb507caa79f3d0d4a4

commit f2fea22a1b2bf45314b9fedb507caa79f3d0d4a4
Author: Ryan Hamilton <rch@chromium.org>
Date: Thu Dec 01 19:01:29 2016

[m56 merge] Make QuicCryptoClientConfig only cache server configs for 1 week.

Merge internal change:  140540620

BUG= 669671 

Review-Url: https://codereview.chromium.org/2534303002
Cr-Commit-Position: refs/heads/master@{#435185}
(cherry picked from commit f2585be417280721a8f00ec802ca50e01597295b)

Review URL: https://codereview.chromium.org/2541163005 .

Cr-Commit-Position: refs/branch-heads/2924@{#255}
Cr-Branched-From: 3a87aecc31cd1ffe751dd72c04e5a96a1fc8108a-refs/heads/master@{#433059}

[modify] https://crrev.com/f2fea22a1b2bf45314b9fedb507caa79f3d0d4a4/net/quic/core/crypto/quic_crypto_client_config.cc
[modify] https://crrev.com/f2fea22a1b2bf45314b9fedb507caa79f3d0d4a4/net/quic/core/crypto/quic_crypto_client_config_test.cc
[modify] https://crrev.com/f2fea22a1b2bf45314b9fedb507caa79f3d0d4a4/net/quic/core/quic_time.h

Comment 5 by rch@chromium.org, Mar 24 2017

Status: Fixed (was: Started)

Sign in to add a comment