Commit bd27aec9 authored by Albert Vaca Cintora's avatar Albert Vaca Cintora

Do not replace connections for a given deviceId if the certs have changed

Thanks Matthias Gerstner <mgerstner@suse.de> for reporting this.
parent ce0f00fc
......@@ -178,3 +178,8 @@ bool LanDeviceLink::linkShouldBeKeptAlive() {
//return (mConnectionSource == ConnectionStarted::Remotely || pairStatus() == Paired);
}
QSslCertificate LanDeviceLink::certificate() const
{
return m_socketLineReader->peerCertificate();
}
......@@ -42,6 +42,7 @@ public:
bool linkShouldBeKeptAlive() override;
QHostAddress hostAddress() const;
QSslCertificate certificate() const;
private Q_SLOTS:
void dataReceived();
......
......@@ -363,6 +363,12 @@ void LanLinkProvider::encrypted()
NetworkPacket* receivedPacket = m_receivedIdentityPackets[socket].np;
const QString& deviceId = receivedPacket->get<QString>(QStringLiteral("deviceId"));
if (m_links.contains(deviceId) && m_links[deviceId]->certificate() != socket->peerCertificate()) {
socket->disconnectFromHost();
qCWarning(KDECONNECT_CORE) << "Got connection for the same deviceId but certificates don't match. Ignoring " << deviceId;
return;
}
addLink(deviceId, socket, receivedPacket, connectionOrigin);
// Copied from tcpSocketConnected slot, now delete received packet
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment