Summary: | Crash with invalid or failed TLS authentication | ||
---|---|---|---|
Product: | [Applications] kdeconnect | Reporter: | Andy Holmes <andrew.g.r.holmes> |
Component: | android-application | Assignee: | Albert Vaca Cintora <albertvaka> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | NOR | ||
Version: | 1.3.5 | ||
Target Milestone: | --- | ||
Platform: | Other | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Attachments: |
tombstone file from android
partial adb log from crash |
Created attachment 124324 [details]
partial adb log from crash
I believe this is fixed now: https://invent.kde.org/kde/kdeconnect-android/-/commit/f20fef245903cec7c4480fc600196b1e7ee2ab37 |
Created attachment 124323 [details] tombstone file from android SUMMARY On virtually any TLS error, including sending an invalid/corrupted certificate or just bailing during the handshake, the Android app will crash. STEPS TO REPRODUCE 1. Setup two devices with a KDE Connect client, at least one with the Android app 2. Attempt to connect with a faulty certificate or just close the connection during authentication 3. OBSERVED RESULT kdeconnect-android crashes, usually restarting and crashing again when the device attempts to handshake again EXPECTED RESULT Probably the connection should close, or ideally prompt the user about a possible fraudulent connection attempt. SOFTWARE/OS VERSIONS Windows: macOS: Linux/KDE Plasma: (available in About System) KDE Plasma Version: KDE Frameworks Version: Qt Version: ADDITIONAL INFORMATION I reproduced this with GSConnect, but no doubt it's possible to create this issue with kdeconnect-kde. It's rare to happen in the wild, but tends to happen when users do silly things like change their hostname or try copy settings between machines.