pool/kdeconnect-kde
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
kdeconnect-kde/0009-Do-not-replace-connections-for-a-given-deviceId-if-t.patch
Christophe Giboudeaux 41d68c2fd4 Accepting request 839167 from home:luca_b:branches:KDE:Applications 
- Add upstream patches to fix security issues in kdeconnect
  (CVE-2020-26164, boo#1176268):
  * 0001-Do-not-leak-the-local-user-in-the-device-name.patch
  * 0002-Fix-use-after-free-in-LanLinkProvider-connectError.patch
  * 0003-Limit-identity-packets-to-8KiB.patch
  * 0004-Do-not-let-lanlink-connections-stay-open-for-long-wi.patch
  * 0005-Don-t-brute-force-reading-the-socket.patch
  * 0006-Limit-number-of-connected-sockets-from-unpaired-devi.patch
  * 0007-Do-not-remember-more-than-a-few-identity-packets-at-.patch
  * 0008-Limit-the-ports-we-try-to-connect-to-to-the-port-ran.patch
  * 0009-Do-not-replace-connections-for-a-given-deviceId-if-t.patch

OBS-URL: https://build.opensuse.org/request/show/839167
OBS-URL: https://build.opensuse.org/package/show/KDE:Applications/kdeconnect-kde?expand=0&rev=17
2020-10-02 15:15:53 +00:00

59 lines
2.2 KiB
Diff
Raw Blame History

From 48180b46552d40729a36b7431e97bbe2b5379306 Mon Sep 17 00:00:00 2001
From: Albert Vaca Cintora <albertvaka@gmail.com>
Date: Thu, 24 Sep 2020 18:46:57 +0200
Subject: [PATCH 9/9] Do not replace connections for a given deviceId if the
certs have changed
Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this.
---
core/backends/lan/landevicelink.cpp | 5 +++++
core/backends/lan/landevicelink.h | 1 +
core/backends/lan/lanlinkprovider.cpp | 6 ++++++
3 files changed, 12 insertions(+)
diff --git a/core/backends/lan/landevicelink.cpp b/core/backends/lan/landevicelink.cpp
index 8a65fb92..41af6f0e 100644
--- a/core/backends/lan/landevicelink.cpp
+++ b/core/backends/lan/landevicelink.cpp
@@ -192,3 +192,8 @@ bool LanDeviceLink::linkShouldBeKeptAlive() {
//return (mConnectionSource == ConnectionStarted::Remotely || pairStatus() == Paired);
}
+
+QSslCertificate LanDeviceLink::certificate() const
+{
+ return m_socketLineReader->peerCertificate();
+}
diff --git a/core/backends/lan/landevicelink.h b/core/backends/lan/landevicelink.h
index 28f63db2..485c58b5 100644
--- a/core/backends/lan/landevicelink.h
+++ b/core/backends/lan/landevicelink.h
@@ -56,6 +56,7 @@ public:
bool linkShouldBeKeptAlive() override;
QHostAddress hostAddress() const;
+ QSslCertificate certificate() const;
private Q_SLOTS:
void dataReceived();
diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
index f3d6801d..372cdc8f 100644
--- a/core/backends/lan/lanlinkprovider.cpp
+++ b/core/backends/lan/lanlinkprovider.cpp
@@ -345,6 +345,12 @@ void LanLinkProvider::encrypted()
NetworkPacket* receivedPacket = m_receivedIdentityPackets[socket].np;
const QString& deviceId = receivedPacket->get<QString>(QStringLiteral("deviceId"));
+ if (m_links.contains(deviceId) && m_links[deviceId]->certificate() != socket->peerCertificate()) {
+ socket->disconnectFromHost();
+ qCWarning(KDECONNECT_CORE) << "Got connection for the same deviceId but certificates don't match. Ignoring " << deviceId;
+ return;
+ }
+
addLink(deviceId, socket, receivedPacket, connectionOrigin);
// Copied from tcpSocketConnected slot, now delete received packet
--
2.28.0
Reference in New Issue View Git Blame Copy Permalink