Clients sending invalid handshake data could make the core crash
due to an unchecked pointer. This commit fixes this issue by having
the core close the socket if a peer could not be created.
Thanks to Bas Pape (Tucos) for finding this one!
}
// read the list of protocols supported by the client
}
// read the list of protocols supported by the client
- while (socket()->bytesAvailable() >= 4) {
+ while (socket()->bytesAvailable() >= 4 && _supportedProtos.size() < 16) { // sanity check
quint32 data;
socket()->read((char*)&data, 4);
data = qFromBigEndian<quint32>(data);
quint32 data;
socket()->read((char*)&data, 4);
data = qFromBigEndian<quint32>(data);
level = Compressor::NoCompression;
RemotePeer *peer = PeerFactory::createPeer(_supportedProtos, this, socket(), level, this);
level = Compressor::NoCompression;
RemotePeer *peer = PeerFactory::createPeer(_supportedProtos, this, socket(), level, this);
+ if (!peer) {
+ qWarning() << "Received invalid handshake data from client" << socket()->peerAddress().toString();
+ close();
+ return;
+ }
+
if (peer->protocol() == Protocol::LegacyProtocol) {
_legacy = true;
connect(peer, SIGNAL(protocolVersionMismatch(int,int)), SLOT(onProtocolVersionMismatch(int,int)));
if (peer->protocol() == Protocol::LegacyProtocol) {
_legacy = true;
connect(peer, SIGNAL(protocolVersionMismatch(int,int)), SLOT(onProtocolVersionMismatch(int,int)));