Репозиторий Sisyphus
Последнее обновление: 27 ноября 2021 | Пакетов: 17423 | Посещений: 22404164
en ru br
Репозитории ALT

Группа :: Коммуникации
Пакет: kde5-connect

 Главная   Изменения   Спек   Патчи   Sources   Загрузить   Gear   Bugs and FR  Repocop 

Патч: b496e66899e5bc9547b6537a7f44ab44dd0aaf38.diff
Скачать


diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
index 235c221f9858bfb3afac9b2032d577bf5319f419..1fd3870e3d90bb4063644f2393c737a91ad2694b 100644
--- a/core/backends/lan/lanlinkprovider.cpp
+++ b/core/backends/lan/lanlinkprovider.cpp
@@ -381,6 +381,14 @@ void LanLinkProvider::newConnection()
 void LanLinkProvider::dataReceived()
 {
     QSslSocket* socket = qobject_cast<QSslSocket*>(sender());
+    //the size here is arbitrary and is now at 8192 bytes. It needs to be considerably long as it includes the capabilities but there needs to be a limit
+    //Tested between my systems and I get around 2000 per identity package.
+    if (socket->bytesAvailable() > 8192) {
+        qCWarning(KDECONNECT_CORE) << "LanLinkProvider/newConnection: Suspiciously long identity package received. Closing connection." << socket->peerAddress() << socket->bytesAvailable();
+        socket->disconnectFromHost();
+        return;
+    }
+
 #if QT_VERSION < QT_VERSION_CHECK(5,7,0)
     if (!socket->canReadLine())
         return;
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin