Funkwhale/Clementine-audio-player-Mac-Linux-Windows
1
0
Fork 0
mirror of https://github.com/clementine-player/Clementine synced 2024-12-16 19:31:02 +01:00
Code Issues Releases Wiki Activity

Fix issue 3545. Disconnect a client when the expected protocol buffer length is more than 128MB to prevent a crash.

Browse Source
This commit is contained in:
Andreas 2013-03-12 12:12:04 +01:00
parent e4ac2e6d82
commit 3e01d32a89
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/networkremote/remoteclient.cpp
View File

@ -55,6 +55,16 @@ void RemoteClient::IncomingData() {
// Read the length of the next message
QDataStream s(client_);
s >> expected_length_;
// Receiving more than 128mb is very unlikely
// Flush the data and disconnect the client
if (expected_length_ > 134217728) {
qLog(Debug) << "Received invalid data, disconnect client";
qLog(Debug) << "expected_length_ =" << expected_length_;
client_->close();
return;
}
reading_protobuf_ = true;
}
@ -77,14 +87,11 @@ void RemoteClient::IncomingData() {
}
void RemoteClient::ParseMessage(const QByteArray &data) {
qLog(Debug) << "ParseMessage()";
qLog(Debug) << "Data" << data;
pb::remote::Message msg;
if (!msg.ParseFromArray(data.constData(), data.size())) {
qLog(Info) << "Couldn't parse data";
return;
}
qLog(Debug) << "ParseFromArray()";
if (msg.type() == pb::remote::CONNECT && use_auth_code_) {
if (msg.request_connect().auth_code() != auth_code_) {
@ -94,7 +101,6 @@ void RemoteClient::ParseMessage(const QByteArray &data) {
}
// Now parse the other data
qLog(Debug) << "emit Parse(msg)";
emit Parse(msg);
}