Handle invalid handshake data properly in the core

Clients sending invalid handshake data could make the core crash due to an unchecked pointer. This commit fixes this issue by having the core close the socket if a peer could not be created. Thanks to Bas Pape (Tucos) for finding this one!
quassel · Apr 24, 2016 · e678873 · e678873
1 parent f64ac93
commit e678873
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/src/common/peerfactory.cpp b/src/common/peerfactory.cpp
@@ -56,5 +56,5 @@ RemotePeer *PeerFactory::createPeer(const ProtoList &protocols, AuthHandler *aut
         }
     }
 
-    return 0;
+    return nullptr;
 }
diff --git a/src/core/coreauthhandler.cpp b/src/core/coreauthhandler.cpp
@@ -81,7 +81,7 @@ void CoreAuthHandler::onReadyRead()
     }
 
     // read the list of protocols supported by the client
-    while (socket()->bytesAvailable() >= 4) {
+    while (socket()->bytesAvailable() >= 4 && _supportedProtos.size() < 16) { // sanity check
         quint32 data;
         socket()->read((char*)&data, 4);
         data = qFromBigEndian<quint32>(data);
@@ -98,6 +98,12 @@ void CoreAuthHandler::onReadyRead()
                 level = Compressor::NoCompression;
 
             RemotePeer *peer = PeerFactory::createPeer(_supportedProtos, this, socket(), level, this);
+            if (!peer) {
+                qWarning() << "Received invalid handshake data from client" << socket()->peerAddress().toString();
+                close();
+                return;
+            }
+
             if (peer->protocol() == Protocol::LegacyProtocol) {
                 _legacy = true;
                 connect(peer, SIGNAL(protocolVersionMismatch(int,int)), SLOT(onProtocolVersionMismatch(int,int)));