Do not replace connections for a given deviceId if the certs have changed

Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this.
This commit is contained in:
Albert Vaca Cintora 2020-09-24 18:46:57 +02:00
parent ce0f00fc2d
commit bd27aec9d2
3 changed files with 12 additions and 0 deletions

View file

@ -178,3 +178,8 @@ bool LanDeviceLink::linkShouldBeKeptAlive() {
//return (mConnectionSource == ConnectionStarted::Remotely || pairStatus() == Paired);
}
QSslCertificate LanDeviceLink::certificate() const
{
return m_socketLineReader->peerCertificate();
}

View file

@ -42,6 +42,7 @@ public:
bool linkShouldBeKeptAlive() override;
QHostAddress hostAddress() const;
QSslCertificate certificate() const;
private Q_SLOTS:
void dataReceived();

View file

@ -363,6 +363,12 @@ void LanLinkProvider::encrypted()
NetworkPacket* receivedPacket = m_receivedIdentityPackets[socket].np;
const QString& deviceId = receivedPacket->get<QString>(QStringLiteral("deviceId"));
if (m_links.contains(deviceId) && m_links[deviceId]->certificate() != socket->peerCertificate()) {
socket->disconnectFromHost();
qCWarning(KDECONNECT_CORE) << "Got connection for the same deviceId but certificates don't match. Ignoring " << deviceId;
return;
}
addLink(deviceId, socket, receivedPacket, connectionOrigin);
// Copied from tcpSocketConnected slot, now delete received packet