| Summary: | Crash with invalid or failed TLS authentication | ||
|---|---|---|---|
| Product: | [Applications] kdeconnect | Reporter: | Andy Holmes <andrew.g.r.holmes> |
| Component: | android-application | Assignee: | Albert Vaca Cintora <albertvaka> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | NOR | ||
| Version First Reported In: | 1.3.5 | ||
| Target Milestone: | --- | ||
| Platform: | Other | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
| Attachments: |
tombstone file from android
partial adb log from crash |
||
Created attachment 124324 [details]
partial adb log from crash
I believe this is fixed now: https://invent.kde.org/kde/kdeconnect-android/-/commit/f20fef245903cec7c4480fc600196b1e7ee2ab37 |
Created attachment 124323 [details] tombstone file from android SUMMARY On virtually any TLS error, including sending an invalid/corrupted certificate or just bailing during the handshake, the Android app will crash. STEPS TO REPRODUCE 1. Setup two devices with a KDE Connect client, at least one with the Android app 2. Attempt to connect with a faulty certificate or just close the connection during authentication 3. OBSERVED RESULT kdeconnect-android crashes, usually restarting and crashing again when the device attempts to handshake again EXPECTED RESULT Probably the connection should close, or ideally prompt the user about a possible fraudulent connection attempt. SOFTWARE/OS VERSIONS Windows: macOS: Linux/KDE Plasma: (available in About System) KDE Plasma Version: KDE Frameworks Version: Qt Version: ADDITIONAL INFORMATION I reproduced this with GSConnect, but no doubt it's possible to create this issue with kdeconnect-kde. It's rare to happen in the wild, but tends to happen when users do silly things like change their hostname or try copy settings between machines.