github-starred/barrier
2
0
Fork 0
mirror of https://github.com/debauchee/barrier.git synced 2026-05-15 14:16:02 -06:00
Code Issues 1.0k Projects Packages Wiki Activity Actions

[PR #1351] [MERGED] Fix ssl-related crashes when closing connections [SECURITY VULNERABILITY CVE-2021-42074] #1789

New issue
Closed
opened 2026-05-05 08:01:59 -06:00 by gitea-mirror · 0 comments
gitea-mirror commented 2026-05-05 08:01:59 -06:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/debauchee/barrier/pull/1351
Author: @p12tic
Created: 11/1/2021
Status: Merged
Merged: 11/1/2021
Merged by: @p12tic

Base: masterHead: fix-ssl-crash-closing-connections

📝 Commits (2)

  • 8b937a4 lib/net: Fix race conditions when closing SSL connections
  • f0efe04 lib/net: Fix incorrect sharing of data between different SSL sessions

📊 Changes

4 files changed (+88 additions, -45 deletions)

View changed files

doc/newsfragments/fix-crash-on-ssl-hello.bugfix (+4 -0)
doc/newsfragments/ssl-corrupted-data.bugfix (+2 -0)
📝 src/lib/net/SecureSocket.cpp (+53 -38)
📝 src/lib/net/SecureSocket.h (+29 -7)

📄 Description

This PR fixes a number of race conditions in the SSL connection handling code. These may lead to crashes of the server and data corruption.

This PR fixes the following security vulnerability:

  • CVE-2021-42074 SIGSEGV on quick open/close sequence while sending Hello message.

The issue has been reported by Matthias Gerstner mgerstner@suse.de @mgerstner. Matthias also provided insights into how best to fix the issues, precise reproduction steps and any used tools and made the maintainer's life as pleasant as possible. Thank you!

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/debauchee/barrier/pull/1351 **Author:** [@p12tic](https://github.com/p12tic) **Created:** 11/1/2021 **Status:** ✅ Merged **Merged:** 11/1/2021 **Merged by:** [@p12tic](https://github.com/p12tic) **Base:** `master` ← **Head:** `fix-ssl-crash-closing-connections` --- ### 📝 Commits (2) - [`8b937a4`](https://github.com/debauchee/barrier/commit/8b937a4abd5425b6588c3e096f6daf16343674c4) lib/net: Fix race conditions when closing SSL connections - [`f0efe04`](https://github.com/debauchee/barrier/commit/f0efe043bbed01294c684c8d5c69cbfc77a3b050) lib/net: Fix incorrect sharing of data between different SSL sessions ### 📊 Changes **4 files changed** (+88 additions, -45 deletions) <details> <summary>View changed files</summary> ➕ `doc/newsfragments/fix-crash-on-ssl-hello.bugfix` (+4 -0) ➕ `doc/newsfragments/ssl-corrupted-data.bugfix` (+2 -0) 📝 `src/lib/net/SecureSocket.cpp` (+53 -38) 📝 `src/lib/net/SecureSocket.h` (+29 -7) </details> ### 📄 Description This PR fixes a number of race conditions in the SSL connection handling code. These may lead to crashes of the server and data corruption. This PR fixes the following security vulnerability: - CVE-2021-42074 SIGSEGV on quick open/close sequence while sending Hello message. The issue has been reported by Matthias Gerstner mgerstner@suse.de @mgerstner. Matthias also provided insights into how best to fix the issues, precise reproduction steps and any used tools and made the maintainer's life as pleasant as possible. Thank you! --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
gitea-mirror 2026-05-05 08:01:59 -06:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
enhancement/builds/windows-multi-versions-build
martin-furter-barrier-term
enhancement/builds/macos-universal
enhancement/builds/macos-universal-qt6-test
2.3.x
fix/lang-translation/ssl-slash-tls
feature/build/compile/32-bit
feature/build/compile/armv7
testing-framework
README-update
remotes/fork/README-update
remotes/fork/smartzeroconf
smartzeroconf
pages-devel
remotes/fork/pages-devel
pkgconfig
remotes/fork/pkgconfig
release
remotes/fork/release
v2.4.0
v2.3.4
v2.3.3
1.11.0-stable
v1.11.0-rc2
v2.3.2
v1.10.3-stable
v2.3.2-alpha
v2.3.1
v2.3.0
v1.10.2-stable
v1.10.2-rc1
v1.10.2-rc2
v2.1.2
v2.0.8-beta
v2.0.7-beta
v2.0.4-beta
v2.0.3-beta
v2.1.1
v2.1.0
v1.9.1-stable
v2.0.0
v1.9.0-stable
v2.0.0-RC2
v2.0.0-RC1
v2.0.0-stable
v1.8.8-stable
v1.8.7-stable
v1.8.6-stable
v1.8.5-stable
v1.8.4-stable
v1.8.3-stable
v1.8.1-stable
v1.8.0-beta
v1.7.3-stable
v1.7.2-stable
v1.7.1-stable
1.7.0
1.6.3-final
1.6.2
1.6.1
1.6.0
Labels
Clear labels   
HiDPI

   
bounty

   
bsd/freebsd

   
bsd/openbsd

   
bug

   
bug

   
build-infra

   
cantfix

   
critical

   
doc

   
duplicate

   
enhancement

   
fix-available

   
from git

   
from release

   
good first issue

   
help wanted

   
installer/package

   
invalid

   
linux

   
macOS

   
meta

   
needs testing

   
pull-request

Mirrored from GitHub Pull Request

  
query

   
question

   
regression

   
regression

   
v2.4.0

   
windows

   
wontfix

   
work-in-progress
No labels
HiDPI
bounty
bsd/freebsd
bsd/openbsd
bug
bug
build-infra
cantfix
critical
doc
duplicate
enhancement
fix-available
from git
from release
good first issue
help wanted
installer/package
invalid
linux
macOS
meta
needs testing
pull-request
query
question
regression
regression
v2.4.0
windows
wontfix
work-in-progress
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/barrier#1789
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?