blob: e083f5896def8ba71ae77eceb80ab909cd217e34 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
From b496e66899e5bc9547b6537a7f44ab44dd0aaf38 Mon Sep 17 00:00:00 2001
From: Aleix Pol <aleixpol@kde.org>
Date: Wed, 16 Sep 2020 02:28:58 +0200
Subject: [PATCH 04/10] Limit identity packets to 8KiB
Healthy identity packages shouldn't be that big and we don't want to
allow systems around us to send us ever humongous packages that will
just leave us without any memory.
Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this.
---
core/backends/lan/lanlinkprovider.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
index 235c221f..1fd3870e 100644
--- a/core/backends/lan/lanlinkprovider.cpp
+++ b/core/backends/lan/lanlinkprovider.cpp
@@ -381,6 +381,14 @@ void LanLinkProvider::newConnection()
void LanLinkProvider::dataReceived()
{
QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
+ //the size here is arbitrary and is now at 8192 bytes. It needs to be considerably long as it includes the capabilities but there needs to be a limit
+ //Tested between my systems and I get around 2000 per identity package.
+ if (socket->bytesAvailable() > 8192) {
+ qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Suspiciously long identity package received. Closing connection." << socket->peerAddress() << socket->bytesAvailable();
+ socket->disconnectFromHost();
+ return;
+ }
+
#if QT_VERSION < QT_VERSION_CHECK(5,7,0)
if (!socket->canReadLine())
return;
--
2.28.0
|
GitWeb
