From: Manuel Nickschas
Date: Sun, 24 Apr 2016 19:59:15 +0000 (+0200)
Subject: Handle invalid handshake data properly in the core
X-Git-Tag: 0.12.4~5
X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=commitdiff_plain;h=adbd7f6efa14b107ed722daa0b7963dd1238a681

Handle invalid handshake data properly in the core

Clients sending invalid handshake data could make the core crash due to an unchecked pointer. This commit fixes this issue by having the core close the socket if a peer could not be created. Thanks to Bas Pape (Tucos) for finding this one!
---

diff --git a/src/common/peerfactory.cpp b/src/common/peerfactory.cpp
index 580c2baa..cd0987b4 100644
--- a/src/common/peerfactory.cpp
+++ b/src/common/peerfactory.cpp
@@ -56,5 +56,5 @@ RemotePeer *PeerFactory::createPeer(const ProtoList &protocols, AuthHandler *aut
 }
 }
- return 0;
+ return nullptr;
 }
diff --git a/src/core/coreauthhandler.cpp b/src/core/coreauthhandler.cpp
index e3809246..34fc2227 100644
--- a/src/core/coreauthhandler.cpp
+++ b/src/core/coreauthhandler.cpp
@@ -81,7 +81,7 @@ void CoreAuthHandler::onReadyRead()
 }
 // read the list of protocols supported by the client
- while (socket()->bytesAvailable() >= 4) {
+ while (socket()->bytesAvailable() >= 4 && _supportedProtos.size() < 16) { // sanity check
 quint32 data;
 socket()->read((char*)&data, 4);
 data = qFromBigEndian(data);
@@ -98,6 +98,12 @@ void CoreAuthHandler::onReadyRead()
 level = Compressor::NoCompression;
 RemotePeer *peer = PeerFactory::createPeer(_supportedProtos, this, socket(), level, this);
+ if (!peer) {
+ qWarning() << "Received invalid handshake data from client" << socket()->peerAddress().toString();
+ close();
+ return;
+ }
+
 if (peer->protocol() == Protocol::LegacyProtocol) {
 _legacy = true;
 connect(peer, SIGNAL(protocolVersionMismatch(int,int)), SLOT(onProtocolVersionMismatch(int,int)));
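Review bot: The new cap in `while (socket()->bytesAvailable() >= 4 && _supportedProtos.size() < 16)` (the `@@ -81,7 +81,7 @@` hunk of src/core/coreauthhandler.cpp) ends the loop silently, and nothing visible in this hunk closes the connection or logs once 16 entries have been collected. The rest of the loop body and of onReadyRead() lies outside the hunk, so this is hedged: if that code does not handle the case, a client whose list never terminates would presumably leave the handshake stalled with the socket still open. An explicit reject after the loop seems safer, e.g. `if (_supportedProtos.size() >= MaxProtos) { close(); return; }`. The literal 16 would also read better as a named constant that documents the bound, e.g. `static const int MaxProtos = 16; // upper bound on protocols a client may offer in one handshake`.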
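Review bot: The added `if (!peer)` guard (the `@@ -98,6 +98,12 @@` hunk of src/core/coreauthhandler.cpp) carries no comment saying when PeerFactory::createPeer() returns null, and the peerfactory.cpp hunk shows only the fall-through `return nullptr;`. I would add `// createPeer() returns nullptr when no offered protocol could be matched` above the check, with the wording confirmed against the factory body, which is outside the hunk. The nullable return should also be documented on the createPeer() declaration so that any other caller checks it before dereferencing. Since this `qWarning()` appears to be reachable before the client has authenticated, it is also worth confirming that repeated failures from one address cannot flood the log.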