Details
- Bug
- Resolution: Done
- P1: Critical
- 4.6.3
- None
- 151983bd827c8a05b8798560ade4d911a04156c3
Description
Hi,
This is a forwarded bug from Debian BTS:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587711
The following vulnerability has been reported in libqt4-network.
From [1]:
> The part of the network library which handles the SSL connection can be
> tricked into an endless loop that freezes the whole application with
> CPU at 100%.
>
> The problem is located in the QSslSocketBackendPrivate::transmit()
> function in src_network_ssl_qsslsocket_openssl.cpp that never exits
> from the main "while" loop.
There's no known patch at the moment and an exploit is linked by the advisory.
[1] http://aluigi.altervista.org/adv/qtsslame-adv.txt