Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-13427

infinite loop in QSslSocketBackendPrivate::transmit()

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 4.6.3
    • Fix Version/s: 4.7.0
    • Component/s: Network: SSL
    • Labels:
      None
    • Commits:
      151983bd827c8a05b8798560ade4d911a04156c3

      Description

      Hi,

      This is a forwarded bug from Debian BTS:
      http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587711

      The following vulnerability has been reported in libqt4-network.

      From [1]:
      > The part of the network library which handles the SSL connection can be
      > tricked into an endless loop that freezes the whole application with
      > CPU at 100%.
      >
      > The problem is located in the QSslSocketBackendPrivate::transmit()
      > function in src_network_ssl_qsslsocket_openssl.cpp that never exits
      > from the main "while" loop.

      There's no known patch at the moment and an exploit is linked by the advisory.

      [1]http://aluigi.altervista.org/adv/qtsslame-adv.txt

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            phartman Peter Hartmann (closed Nokia identity) (Inactive)
            Reporter:
            fabo Fathi Boudra
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes