diff options
| author |   Andreas Sturmlechner <asturm@gentoo.org> | 2020-10-04 10:35:47 +0200 |
|---|---|---|
| committer | Andreas Sturmlechner <asturm@gentoo.org> | 2020-10-04 17:54:07 +0200 |
| commit | bb81637747a3a0d3cc36bd19f73250d32dfc8b6c (patch) | |
| tree | 44e599d7f70919b37013f68df5c0d2af970a6256 /kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch | |
| parent | dev-qt/qtgui: Fix multiscreen regression (diff) | |
| download | gentoo-bb81637747a3a0d3cc36bd19f73250d32dfc8b6c.tar.gz gentoo-bb81637747a3a0d3cc36bd19f73250d32dfc8b6c.tar.bz2 gentoo-bb81637747a3a0d3cc36bd19f73250d32dfc8b6c.zip | |
kde-misc/kdeconnect: Fix CVE-2020-26164
See also: https://kde.org/info/security/advisory-20201002-1.txt
Bug: https://bugs.gentoo.org/746401
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
Diffstat (limited to 'kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch')
| -rw-r--r-- | kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch new file mode 100644 index 000000000000..36d612e9cbc1 --- /dev/null +++ b/kde-misc/kdeconnect/files/kdeconnect-20.04.3-08-Do-not-remember-more-than-a-few-identity-packets-at-.patch @@ -0,0 +1,54 @@ +From 66c768aa9e7fba30b119c8b801efd49ed1270b0a Mon Sep 17 00:00:00 2001 +From: Albert Vaca Cintora <albertvaka@gmail.com> +Date: Thu, 24 Sep 2020 17:16:02 +0200 +Subject: [PATCH 08/10] Do not remember more than a few identity packets at a + time + +To prevent the kdeconnect process from using too much memory. + +Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this. +--- + core/backends/lan/lanlinkprovider.cpp | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp +index 770e7866..6afb8552 100644 +--- a/core/backends/lan/lanlinkprovider.cpp ++++ b/core/backends/lan/lanlinkprovider.cpp +@@ -47,6 +47,7 @@ + #define MIN_VERSION_WITH_SSL_SUPPORT 6 + + static const int MAX_UNPAIRED_CONNECTIONS = 42; ++static const int MAX_REMEMBERED_IDENTITY_PACKETS = 42; + + LanLinkProvider::LanLinkProvider( + bool testMode, +@@ -225,6 +226,12 @@ void LanLinkProvider::udpBroadcastReceived() + + //qCDebug(KDECONNECT_CORE) << "Received Udp identity packet from" << sender << " asking for a tcp connection on port " << tcpPort; + ++ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) { ++ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << receivedPacket->get<QString>(QStringLiteral("deviceId")) << "received via UDP"; ++ delete receivedPacket; ++ continue; ++ } ++ + QSslSocket* socket = new QSslSocket(this); + socket->setProxy(QNetworkProxy::NoProxy); + m_receivedIdentityPackets[socket].np = receivedPacket; +@@ -435,6 +442,12 @@ void LanLinkProvider::dataReceived() + return; + } + ++ if (m_receivedIdentityPackets.size() > MAX_REMEMBERED_IDENTITY_PACKETS) { ++ qCWarning(KDECONNECT_CORE) << "Too many remembered identities, ignoring" << np->get<QString>(QStringLiteral("deviceId")) << "received via TCP"; ++ delete np; ++ return; ++ } ++ + // Needed in "encrypted" if ssl is used, similar to "tcpSocketConnected" + m_receivedIdentityPackets[socket].np = np; + +-- +2.28.0 + |