lib: Enforce a maximum length of input messages

This commit is part 1 of 3 of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.

(cherry picked from commit e33c81b835)
Povilas Kanapickas
2021-11-01 05:18:51 +02:00
parent d9b4a1c703
commit f546af4a85
5 changed files with 52 additions and 11 deletions


@@ -26,6 +26,7 @@
#include "barrier/ProtocolUtil.h"
#include "barrier/option_types.h"
#include "barrier/protocol_types.h"
#include "barrier/XBarrier.h"
#include "io/IStream.h"
#include "base/Log.h"
#include "base/IEventQueue.h"
@@ -124,17 +125,27 @@ ServerProxy::handleData(const Event&, void*)
// parse message
LOG((CLOG_DEBUG2 "msg from server: %c%c%c%c", code[0], code[1], code[2], code[3]));
switch ((this->*m_parser)(code)) {
case kOkay:
break;
try {
switch ((this->*m_parser)(code)) {
case kOkay:
break;
case kUnknown:
LOG((CLOG_ERR "invalid message from server: %c%c%c%c", code[0], code[1], code[2], code[3]));
case kUnknown:
LOG((CLOG_ERR "invalid message from server: %c%c%c%c", code[0], code[1], code[2], code[3]));
m_client->disconnect("invalid message from server");
return;
case kDisconnect:
return;
}
} catch (const XBadClient& e) {
// TODO: disconnect handling is currently dispersed across both parseMessage() and
// handleData() functions, we should collect that to a single place
LOG((CLOG_ERR "protocol error from server: %s", e.what()));
ProtocolUtil::writef(m_stream, kMsgEBad);
m_client->disconnect("invalid message from server");
return;
case kDisconnect:
return;
}
// next message
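Review bot: The new `catch` in `ServerProxy::handleData` handles only `XBadClient`, so any other exception type raised while parsing a malformed or over-length message would still leave the handler without reaching `m_client->disconnect(...)`. The length check itself is not in this hunk, so it is worth confirming that every rejection path throws exactly this type. Inside the handler, `ProtocolUtil::writef(m_stream, kMsgEBad)` runs before the disconnect; if that write can throw on a stream the peer has already broken, the disconnect is skipped, so the write may need its own guard. The handler also reuses the reason string `"invalid message from server"` from the `kUnknown` case, which makes the two failure paths indistinguishable to whoever receives the disconnect reason. A short comment above the `catch`, something like `// XBadClient signals a protocol violation by the peer, here the server (e.g. an over-length message)`, would explain why a client-named exception is caught on the server-facing proxy. The body of `handleData` starts and ends outside the hunk.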