diff options
| author | qamodi <cpp@zom.bi> | 2021-03-27 02:48:38 +0300 |
|---|---|---|
| committer | Jonas <cpp@zom.bi> | 2021-03-27 04:19:49 +0300 |
| commit | 3f84a9a4215b0316c5720c9b0b91d3498c83121f (patch) | |
| tree | 427f0678bad6468652d6dafbc822c5bab6886149 /src | |
| parent | 1c7706280fa749fbc8e3da83d5f37092ae52c3e2 (diff) | |
FIX(Server): Prevent multiple Sessions with ID 0
fixes bug introduced in eabfbab4
When an unauthenticated connection is terminated, the session ID still got enqueued into `qqIds`.
The session ID of unauthenticated clients is always 0 when it's not assigned. This means that
whenever an unauthenticated connection is terminated, 0 will be enqueued into `qqIds`. If this
happens multiple times, multiple clients will later be assigned session ID 0. All connections
with the same session ID are displayed as the same user for all clients. As a result of that
users might be listening to what you are saying in your channel without you noticing. If one
connection with session ID 0 gets terminated, all other connections with the same ID will
be terminated as well. This potentially enables denial of service.
Thanks to the Zom.bi community for fixing the bug.
Co-Authored-by: Madmaurice <madmaurice@zom.bi>
Diffstat (limited to 'src')
| -rw-r--r-- | src/murmur/Server.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/murmur/Server.cpp b/src/murmur/Server.cpp index a47816d95..e8cc11ba6 100644 --- a/src/murmur/Server.cpp +++ b/src/murmur/Server.cpp @@ -1671,7 +1671,7 @@ void Server::connectionClosed(QAbstractSocket::SocketError err, const QString &r QCoreApplication::instance()->postEvent(this, new ExecEvent(boost::bind(&Server::removeChannel, this, old->iId))); - if (static_cast< int >(u->uiSession) < iMaxUsers * 2) + if (u->uiSession > 0 && static_cast< int >(u->uiSession) < iMaxUsers * 2) qqIds.enqueue(u->uiSession); // Reinsert session id into pool if (u->sState == ServerUser::Authenticated) { |