From 1efcc0df6adab11e7239f5f12a13766a58e2c1ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Nordheim?=
Date: Mon, 16 Dec 2024 10:32:05 +0100
Subject: [PATCH] Schannel: chop off garbage bytes if encryption fails
Because they would break communication (or loop infinitely) otherwise since we use the presence of bytes in the returned buffer to know if there is still something we need to transmit.
Amends 4e60a6b556d91ab797aebb7422666a685a726755
Pick-to: 6.9
Change-Id: If72c1a142d4567f69d78177250b0218c5ca999fd
Reviewed-by: Even Oscar Andersen
Reviewed-by: Timur Pocheptsov
---
 src/plugins/tls/schannel/qtls_schannel.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/plugins/tls/schannel/qtls_schannel.cpp b/src/plugins/tls/schannel/qtls_schannel.cpp
index 69e48036d90..d152dff6efb 100644
--- a/src/plugins/tls/schannel/qtls_schannel.cpp
+++ b/src/plugins/tls/schannel/qtls_schannel.cpp
@@ -1788,7 +1788,7 @@ auto TlsCryptographSchannel::getNextEncryptedMessage() -> MessageBufferResult
 && fullMessage.size() < MessageBufferThreshold) {
 // Try to read 'cbMaximumMessage' bytes from buffer before encrypting.
 const int bodySize = int(std::min(writeBufferSize, qint64(streamSizes.cbMaximumMessage)));
- auto messageSize = headerSize + bodySize + trailerSize;
+ const qsizetype messageSize = headerSize + bodySize + trailerSize;
 QSpan buffer = allocateMessage(messageSize);
 char *header = buffer.data();
 char *body = header + headerSize;
@@ -1815,6 +1815,7 @@ auto TlsCryptographSchannel::getNextEncryptedMessage() -> MessageBufferResult
 setErrorAndEmit(d, QAbstractSocket::SslInternalError,
 QSslSocket::tr("Schannel failed to encrypt data: %1")
 .arg(schannelErrorToString(status)));
+ result.messageBuffer.chop(messageSize);
 return result;
 }
 // Data was encrypted successfully, so we free() what we peek()ed earlier
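Review bot: The new `result.messageBuffer.chop(messageSize);` in the encryption-failure branch carries no comment, and it is only correct if `allocateMessage(messageSize)` appended exactly `messageSize` bytes at the tail of `result.messageBuffer` with nothing appended after it; `allocateMessage` is not visible in this hunk, so that is worth confirming. The dropped bytes are presumably the body that was peeked from the write buffer and never encrypted, so the reason to remove them is not only the stall or loop the description mentions but also that unencrypted data must not reach the socket. I would say so above the call: `// Encryption failed: drop the record appended by allocateMessage(); it is not encrypted and must not be sent.` `chop()` only shortens the array and leaves the bytes in its allocation, so if lingering plaintext matters here, overwrite the span before chopping. The function starts and ends outside the hunk.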