Re: [quicwg/base-drafts] PUSH_ID as a frame (#2526)

Lucas Pardue <> Mon, 18 March 2019 18:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 22365124BF6 for <>; Mon, 18 Mar 2019 11:59:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.001
X-Spam-Status: No, score=-8.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fMvyXzIxZDT5 for <>; Mon, 18 Mar 2019 11:59:44 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 367C61200D8 for <>; Mon, 18 Mar 2019 11:59:44 -0700 (PDT)
Date: Mon, 18 Mar 2019 11:59:42 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=pf2014; t=1552935582; bh=pF8xwMK7uYCr0xo8ISPNLiHYb6r+cm7czZzHR8vMiBQ=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=eu9nG8qJF0j2R1F5SEN9sp8LRxqJOcjD8oz1Od1nXFXpMEhEejPbdlPi+Zkvht9nQ cRs2+4TtjgB8a4Oxm9qKC9cJbcQgJI3vtnZMjUBbQnuckSJ45dlYVYd1v0e89KkYDg 8J1EiHWbwrrr7gKHI2ysT7WRgYub6biGiesMCJTM=
From: Lucas Pardue <>
Reply-To: quicwg/base-drafts <>
To: quicwg/base-drafts <>
Cc: Subscribed <>
Message-ID: <quicwg/base-drafts/issues/2526/>
In-Reply-To: <quicwg/base-drafts/issues/>
References: <quicwg/base-drafts/issues/>
Subject: Re: [quicwg/base-drafts] PUSH_ID as a frame (#2526)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5c8fea9ee7f8a_634b3fab470d45bc26331a"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: LPardue
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
Archived-At: <>
X-Mailman-Version: 2.1.29
List-Id: Notification list for GitHub issues related to the QUIC WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Mar 2019 18:59:47 -0000

> Take a server with a buggy push implementation, rather than a malicious one. Something that doesn't send the PUSH_ID at all. On the client you'll start seeing a flow of data and you can't do anything better than parsing the first few bytes of that as a PUSH_ID, and basically see random IDs. With Framing, if a server forgets to send the PUSH_ID, it is clear at the receiver that it is a protocol error.

Right now in draft 19 we have:

1. Parse varint  - stream type
2. Parse varint - push ID
3. Parse varint - frame type (HEADERS). 

The assertion then is, if step 2 gets skipped by the sender, the receiver will parse the HEADERS frame type as a varint expecting it to be the push ID (value 0x1, with no restriction on min or max encoding). It will then parse the HEADERS frame length as a varint expecting it to be the HEADERS frame type (length is unlikely to be 1). Doesn't the client just blow up at that point?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: