Limit identity packets to 8KiB
Healthy identity packages shouldn't be that big and we don't want to allow systems around us to send us ever humongous packages that will just leave us without any memory. Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this.
This commit is contained in:
parent
d35b88c1b2
commit
b496e66899
1 changed files with 8 additions and 0 deletions
|
@ -381,6 +381,14 @@ void LanLinkProvider::newConnection()
|
||||||
void LanLinkProvider::dataReceived()
|
void LanLinkProvider::dataReceived()
|
||||||
{
|
{
|
||||||
QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
|
QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
|
||||||
|
//the size here is arbitrary and is now at 8192 bytes. It needs to be considerably long as it includes the capabilities but there needs to be a limit
|
||||||
|
//Tested between my systems and I get around 2000 per identity package.
|
||||||
|
if (socket->bytesAvailable() > 8192) {
|
||||||
|
qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Suspiciously long identity package received. Closing connection." << socket->peerAddress() << socket->bytesAvailable();
|
||||||
|
socket->disconnectFromHost();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
#if QT_VERSION < QT_VERSION_CHECK(5,7,0)
|
#if QT_VERSION < QT_VERSION_CHECK(5,7,0)
|
||||||
if (!socket->canReadLine())
|
if (!socket->canReadLine())
|
||||||
return;
|
return;
|
||||||
|
|
Loading…
Reference in a new issue