backup/barrier
1
0
Fork 0
mirror of https://github.com/debauchee/barrier.git synced 2026-05-05 21:02:39 +08:00
Code Issues Projects Releases Wiki Activity

lib/server: Close connection when client app-level handshake fails

Browse Source 
This fixes the following security vulnerability:
 - CVE-2021-42075 DoS via file descriptor exhaustion

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
This commit is contained in:
Povilas Kanapickas
2021-11-01 02:53:24 +02:00
parent 00e182d22e
commit deefecc262
2 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/lib/server/ClientListener.cpp
View File

@@ -194,6 +194,11 @@ ClientListener::handleUnknownClient(const Event&, void* vclient)
new TMethodEventJob<ClientListener>(this,
&ClientListener::handleClientDisconnected,
client));
} else {
auto* stream = unknownClient->getStream();
if (stream) {
stream->close();
}
}
// now finished with unknown client