kdeconnect-kde/0009-Do-not-replace-connections-for-a-given-deviceId-if-t.patch

From 48180b46552d40729a36b7431e97bbe2b5379306 Mon Sep 17 00:00:00 2001
From: Albert Vaca Cintora <albertvaka@gmail.com>
Date: Thu, 24 Sep 2020 18:46:57 +0200
Subject: [PATCH 9/9] Do not replace connections for a given deviceId if the
 certs have changed

Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this.
---
 core/backends/lan/landevicelink.cpp   | 5 +++++
 core/backends/lan/landevicelink.h     | 1 +
 core/backends/lan/lanlinkprovider.cpp | 6 ++++++
 3 files changed, 12 insertions(+)

diff --git a/core/backends/lan/landevicelink.cpp b/core/backends/lan/landevicelink.cpp
index 8a65fb92..41af6f0e 100644
--- a/core/backends/lan/landevicelink.cpp
+++ b/core/backends/lan/landevicelink.cpp
@@ -192,3 +192,8 @@ bool LanDeviceLink::linkShouldBeKeptAlive() {
     //return (mConnectionSource == ConnectionStarted::Remotely || pairStatus() == Paired);
 
 }
+
+QSslCertificate LanDeviceLink::certificate() const
+{
+    return m_socketLineReader->peerCertificate();
+}
diff --git a/core/backends/lan/landevicelink.h b/core/backends/lan/landevicelink.h
index 28f63db2..485c58b5 100644
--- a/core/backends/lan/landevicelink.h
+++ b/core/backends/lan/landevicelink.h
@@ -56,6 +56,7 @@ public:
     bool linkShouldBeKeptAlive() override;
 
     QHostAddress hostAddress() const;
+    QSslCertificate certificate() const;
 
 private Q_SLOTS:
     void dataReceived();
diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
index f3d6801d..372cdc8f 100644
--- a/core/backends/lan/lanlinkprovider.cpp
+++ b/core/backends/lan/lanlinkprovider.cpp
@@ -345,6 +345,12 @@ void LanLinkProvider::encrypted()
     NetworkPacket* receivedPacket = m_receivedIdentityPackets[socket].np;
     const QString& deviceId = receivedPacket->get<QString>(QStringLiteral("deviceId"));
 
+    if (m_links.contains(deviceId) && m_links[deviceId]->certificate() != socket->peerCertificate()) {
+        socket->disconnectFromHost();
+        qCWarning(KDECONNECT_CORE) << "Got connection for the same deviceId but certificates don't match. Ignoring " << deviceId;
+        return;
+    }
+
     addLink(deviceId, socket, receivedPacket, connectionOrigin);
 
     // Copied from tcpSocketConnected slot, now delete received packet
-- 
2.28.0
Accepting request 839167 from home:luca_b:branches:KDE:Applications - Add upstream patches to fix security issues in kdeconnect (CVE-2020-26164, boo#1176268): * 0001-Do-not-leak-the-local-user-in-the-device-name.patch * 0002-Fix-use-after-free-in-LanLinkProvider-connectError.patch * 0003-Limit-identity-packets-to-8KiB.patch * 0004-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch * 0005-Don-t-brute-force-reading-the-socket.patch * 0006-Limit-number-of-connected-sockets-from-unpaired-devi.patch * 0007-Do-not-remember-more-than-a-few-identity-packets-at-.patch * 0008-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch * 0009-Do-not-replace-connections-for-a-given-deviceId-if-t.patch OBS-URL: https://build.opensuse.org/request/show/839167 OBS-URL: https://build.opensuse.org/package/show/KDE:Applications/kdeconnect-kde?expand=0&rev=17 2020-10-02 15:15:53 +00:00			`From 48180b46552d40729a36b7431e97bbe2b5379306 Mon Sep 17 00:00:00 2001`
			`From: Albert Vaca Cintora <albertvaka@gmail.com>`
			`Date: Thu, 24 Sep 2020 18:46:57 +0200`
			`Subject: [PATCH 9/9] Do not replace connections for a given deviceId if the`
			`certs have changed`

			`Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this.`
			`---`
			`core/backends/lan/landevicelink.cpp \| 5 +++++`
			`core/backends/lan/landevicelink.h \| 1 +`
			`core/backends/lan/lanlinkprovider.cpp \| 6 ++++++`
			`3 files changed, 12 insertions(+)`

			`diff --git a/core/backends/lan/landevicelink.cpp b/core/backends/lan/landevicelink.cpp`
			`index 8a65fb92..41af6f0e 100644`
			`--- a/core/backends/lan/landevicelink.cpp`
			`+++ b/core/backends/lan/landevicelink.cpp`
			`@@ -192,3 +192,8 @@ bool LanDeviceLink::linkShouldBeKeptAlive() {`
			`//return (mConnectionSource == ConnectionStarted::Remotely \|\| pairStatus() == Paired);`

			`}`
			`+`
			`+QSslCertificate LanDeviceLink::certificate() const`
			`+{`
			`+ return m_socketLineReader->peerCertificate();`
			`+}`
			`diff --git a/core/backends/lan/landevicelink.h b/core/backends/lan/landevicelink.h`
			`index 28f63db2..485c58b5 100644`
			`--- a/core/backends/lan/landevicelink.h`
			`+++ b/core/backends/lan/landevicelink.h`
			`@@ -56,6 +56,7 @@ public:`
			`bool linkShouldBeKeptAlive() override;`

			`QHostAddress hostAddress() const;`
			`+ QSslCertificate certificate() const;`

			`private Q_SLOTS:`
			`void dataReceived();`
			`diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp`
			`index f3d6801d..372cdc8f 100644`
			`--- a/core/backends/lan/lanlinkprovider.cpp`
			`+++ b/core/backends/lan/lanlinkprovider.cpp`
			`@@ -345,6 +345,12 @@ void LanLinkProvider::encrypted()`
			`NetworkPacket* receivedPacket = m_receivedIdentityPackets[socket].np;`
			`const QString& deviceId = receivedPacket->get<QString>(QStringLiteral("deviceId"));`

			`+ if (m_links.contains(deviceId) && m_links[deviceId]->certificate() != socket->peerCertificate()) {`
			`+ socket->disconnectFromHost();`
			`+ qCWarning(KDECONNECT_CORE) << "Got connection for the same deviceId but certificates don't match. Ignoring " << deviceId;`
			`+ return;`
			`+ }`
			`+`
			`addLink(deviceId, socket, receivedPacket, connectionOrigin);`

			`// Copied from tcpSocketConnected slot, now delete received packet`
			`--`
			`2.28.0`