Validate and filter device names

This commit is contained in:
Albert Vaca Cintora 2024-05-19 16:15:39 +02:00
parent 983788e5c9
commit b672d80249
No known key found for this signature in database
4 changed files with 26 additions and 11 deletions

View file

@ -194,8 +194,8 @@ void BluetoothLinkProvider::clientIdentityReceived(const QBluetoothAddress &peer
NetworkPacket receivedPacket;
bool success = NetworkPacket::unserialize(identityArray, &receivedPacket);
if (!success || receivedPacket.type() != PACKET_TYPE_IDENTITY) {
qCWarning(KDECONNECT_CORE) << "BluetoothLinkProvider Received not an identity packet";
if (!success || !DeviceInfo::isValidIdentityPacket(np)) {
qCWarning(KDECONNECT_CORE) << "BluetoothLinkProvider: Invalid identity packet received";
mSockets.remove(peer);
socket->close();
socket->deleteLater();
@ -298,8 +298,8 @@ void BluetoothLinkProvider::serverDataReceived(const QBluetoothAddress &peer, QS
NetworkPacket receivedPacket;
bool success = NetworkPacket::unserialize(identityArray, &receivedPacket);
if (!success || receivedPacket.type() != PACKET_TYPE_IDENTITY) {
qCWarning(KDECONNECT_CORE) << "Not an identity packet.";
if (!success || !DeviceInfo::isValidIdentityPacket(receivedPacket)) {
qCWarning(KDECONNECT_CORE) << "BluetoothLinkProvider: Invalid identity packet received";
mSockets.remove(peer);
socket->close();
socket->deleteLater();

View file

@ -259,8 +259,8 @@ void LanLinkProvider::udpBroadcastReceived()
continue;
}
if (receivedPacket->type() != PACKET_TYPE_IDENTITY) {
qCDebug(KDECONNECT_CORE) << "Received a UDP packet of wrong type" << receivedPacket->type();
if (!DeviceInfo::isValidIdentityPacket(receivedPacket)) {
qCWarning(KDECONNECT_CORE) << "Invalid identity packet received";
delete receivedPacket;
continue;
}
@ -477,8 +477,8 @@ void LanLinkProvider::dataReceived()
return;
}
if (np->type() != PACKET_TYPE_IDENTITY) {
qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Expected identity, received " << np->type();
if (!DeviceInfo::isValidIdentityPacket(np)) {
qCWarning(KDECONNECT_CORE) << "Invalid identity packet received";
delete np;
return;
}

View file

@ -193,10 +193,11 @@ void Daemon::onDeviceStatusChanged()
void Daemon::setAnnouncedName(const QString &name)
{
QString filteredName = DeviceInfo::filterName(name);
qCDebug(KDECONNECT_CORE) << "Announcing name";
KdeConnectConfig::instance().setName(name);
KdeConnectConfig::instance().setName(filteredName);
forceOnNetworkChange();
Q_EMIT announcedNameChanged(name);
Q_EMIT announcedNameChanged(filteredName);
}
void Daemon::setCustomDevices(const QStringList &addresses)

View file

@ -8,6 +8,7 @@
#define DEVICE_INFO_H
#include "networkpacket.h"
#include <QRegularExpression>
#include <QSet>
#include <QSslCertificate>
#include <QString>
@ -138,12 +139,25 @@ struct DeviceInfo {
return DeviceInfo(np.get<QString>(QStringLiteral("deviceId")),
certificate,
np.get<QString>(QStringLiteral("deviceName")),
filterName(np.get<QString>(QStringLiteral("deviceName"))),
DeviceType::FromString(np.get<QString>(QStringLiteral("deviceType"))),
np.get<int>(QStringLiteral("protocolVersion"), -1),
QSet<QString>(incomingCapabilities.begin(), incomingCapabilities.end()),
QSet<QString>(outgoingCapabilities.begin(), outgoingCapabilities.end()));
}
static QString filterName(QString input)
{
static const QRegularExpression NAME_INVALID_CHARACTERS_REGEX(QStringLiteral("[\"',;:.!?()\\[\\]<>]"));
constexpr int MAX_DEVICE_NAME_LENGTH = 32;
return input.remove(NAME_INVALID_CHARACTERS_REGEX).left(MAX_DEVICE_NAME_LENGTH);
}
static bool isValidIdentityPacket(NetworkPacket *np)
{
return np->type() == PACKET_TYPE_IDENTITY && !filterName(np->get(QLatin1String("deviceName"), QString())).isEmpty()
&& !np->get(QLatin1String("deviceId"), QString()).isEmpty();
}
};
#endif