CVE-2020-26164: Don't brute-force reading the socket · KDE/kdeconnect-kde@8112729
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
@@ -13,16 +13,19 @@
#include <QProcess>
#include <QEventLoop>
#include <QTimer>
#include <QSignalSpy>
class TestSocketLineReader : public QObject
{
Q_OBJECT
public Q_SLOTS:
void initTestCase();
void init();
void cleanup() { delete m_server; }
void newPacket();
private Q_SLOTS:
void socketLineReader();
void badData();
private:
QTimer m_timer;
@@ -33,8 +36,9 @@ private Q_SLOTS:
SocketLineReader* m_reader;
};
void TestSocketLineReader::initTestCase()
void TestSocketLineReader::init()
{
m_packets.clear();
m_server = new Server(this);
QVERIFY2(m_server->listen(QHostAddress::LocalHost, 8694), “Failed to create local tcp server”);
@@ -85,6 +89,29 @@ void TestSocketLineReader::socketLineReader()
}
}
void TestSocketLineReader::badData()
{
const QList<QByteArray> dataToSend = { "data1\n", “data” }; //does not end in a \n
for (const QByteArray& line : qAsConst(dataToSend)) {
m_conn->write(line);
}
m_conn->flush();
QSignalSpy spy(m_server, &QTcpServer::newConnection);
QVERIFY(m_server->hasPendingConnections() || spy.wait(1000));
QSslSocket* sock = m_server->nextPendingConnection();
QVERIFY2(sock != nullptr, “Could not open a connection to the client”);
m_reader = new SocketLineReader(sock, this);
connect(m_reader, &SocketLineReader::readyRead, this, &TestSocketLineReader::newPacket);
m_timer.start();
m_loop.exec();
QCOMPARE(m_packets.count(), 1);
QCOMPARE(m_packets[0], dataToSend[0]);
}
void TestSocketLineReader::newPacket()
{
int maxLoops = 5;
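Review bot: cleanup() in the first hunk deletes only m_server, while badData() allocates `new SocketLineReader(sock, this)` parented to the test object, so with init() now running before every test function the reader left by the previous test outlives the server it was reading from. If Server parents accepted sockets to itself the way QTcpServer does, that older reader is left holding a pointer to a destroyed socket. I would release it in cleanup, `void cleanup() { delete m_reader; m_reader = nullptr; delete m_server; }`, and declare the member as `SocketLineReader* m_reader = nullptr;` so a test that fails before assigning it stays safe. The test also covers only a short unterminated tail; a case with a long run of bytes and no newline would pin the resource behaviour the CVE text describes. newPacket() at the end of the hunk continues outside the visible lines.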