[kdeconnect] [Bug 485323] New: Underscore in deviceID shall be sanitized in SNI before sending ClientHello

Wed, 10 Apr 2024 05:35:09 -0700 

https://bugs.kde.org/show_bug.cgi?id=485323

            Bug ID: 485323
           Summary: Underscore in deviceID shall be sanitized in SNI
                    before sending ClientHello
    Classification: Applications
           Product: kdeconnect
           Version: unspecified
          Platform: Apple App Store
                OS: iOS
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: ios-application
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

***
If you're not sure this is actually a bug, instead post about it at
https://discuss.kde.org

If you're reporting a crash, attach a backtrace with debug symbols; see
https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports
***

SUMMARY

In LanLinkProvider.m didReadData(), deviceId received from computer is directly
used in tlsSettings. For implementations following
https://invent.kde.org/network/kdeconnect-meta/-/merge_requests/4, the deviceId
would contain underscore. However, gnutls does not accept names with underscore
(<https://github.com/gnutls/gnutls/blob/49f4ae2109b7cc969539b90be92a5844bbe7b322/lib/str.h#L71>),
and implementations using that would report "A disallowed SNI server name has
been received" to users.

I did not test with official KDE connect server implementation. Testing with
https://github.com/andyholmes/valent (main branch) reports me this and takes me
some time to read code.

STEPS TO REPRODUCE
1. Install KDE Connect from iOS App Store on an iPhone
2. On computer, compile valent and run. Start wireshark and capture
3. Try pair

OBSERVED RESULT

Both sides show nothing. Wireshark shows the TCP connection FINs after the
Client Hello from iPhone, with SNI equals to deviceID sent from server which
contains underscore.

EXPECTED RESULT

SNI in ClientHello does not contain characters that gnutls does not accept, and
connects successfully.

SOFTWARE/OS VERSIONS
Windows: N/A
macOS: N/A
Linux/KDE Plasma: Arch Linux + GNOME 46
(available in About System)
KDE Plasma Version: N/A
KDE Frameworks Version: N/A
Qt Version: N/A
iOS client version: 0.3.0 (9)

ADDITIONAL INFORMATION

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to