tristan/kdeconnect-kde
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Limit identity packets to 8KiB

Browse source 
Healthy identity packages shouldn't be that big and we don't want to
allow systems around us to send us ever humongous packages that will
just leave us without any memory.

Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this.
This commit is contained in:
Aleix Pol 2020-09-16 02:28:58 +02:00 committed by Albert Vaca Cintora
parent 7e47d04053
commit 4fbd01a3d4
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
core/backends/lan/lanlinkprovider.cpp
View file

@ -399,6 +399,14 @@ void LanLinkProvider::newConnection()
void LanLinkProvider::dataReceived()
{
QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
//the size here is arbitrary and is now at 8192 bytes. It needs to be considerably long as it includes the capabilities but there needs to be a limit
//Tested between my systems and I get around 2000 per identity package.
if (socket->bytesAvailable() > 8192) {
qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Suspiciously long identity package received. Closing connection." << socket->peerAddress() << socket->bytesAvailable();
socket->disconnectFromHost();
return;
}
#if QT_VERSION < QT_VERSION_CHECK(5,7,0)
if (!socket->canReadLine())
return;