Bug 498791 - [OpenVPN] Cipher list in the details dialog contains garbage items `The` and `and`
Summary: [OpenVPN] Cipher list in the details dialog contains garbage items `The` and ...
Status: RESOLVED FIXED
Alias: None
Product: systemsettings
Classification: Applications
Component: kcm_networkmanagement (show other bugs)
Version: 6.2.5
Platform: Fedora RPMs Linux
: NOR normal
Target Milestone: ---
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-01-17 11:08 UTC by Yaroslav Sidlovsky
Modified: 2025-01-23 12:05 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In: 6.3.0
Sentry Crash Report:


Attachments
Bug demonstration (58.21 KB, image/png)
2025-01-17 11:08 UTC, Yaroslav Sidlovsky
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Yaroslav Sidlovsky 2025-01-17 11:08:25 UTC
Created attachment 177455 [details]
Bug demonstration

SUMMARY
Combobox items contains obviously garbage ciphers named "The" and "and".

STEPS TO REPRODUCE
1. Run `systemsettings kcm_networkmanagement`;
2. Create new OpenVPN connection;
3. Click "Advanced..." button, go to the "Security" tab;
4. Open "Cipher" combobox and scroll it till the end.

OBSERVED RESULT
Combobox items contains obviously garbage ciphers named "The" and "and".

EXPECTED RESULT
No garbage ciphers shown.

SOFTWARE/OS VERSIONS
Operating System: Fedora Linux 41
KDE Plasma Version: 6.2.5
KDE Frameworks Version: 6.10.0
Qt Version: 6.8.1
Kernel Version: 6.12.9-200.fc41.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 16 × AMD Ryzen 7 5700X 8-Core Processor
Memory: 31.2 ГиБ of RAM
Graphics Processor: NVIDIA GeForce RTX 3070/PCIe/SSE2
Manufacturer: ASUS

ADDITIONAL INFORMATION
This garbage lines comes from output of the command `openvpn --show-ciphers`:
```truncated
...
CAMELLIA-256-CFB8  (256 bit key, 128 bit block, TLS client/server mode only)
CAMELLIA-256-OFB  (256 bit key, 128 bit block, TLS client/server mode only)
CHACHA20-POLY1305  (256 bit key, stream cipher, TLS client/server mode only)

The following ciphers have a block size of less than 128 bits,
and are therefore deprecated.  Do not use unless you have to.

DES-EDE-CBC  (128 bit key, 64 bit block)
DES-EDE-CFB  (128 bit key, 64 bit block, TLS client/server mode only)
DES-EDE-OFB  (128 bit key, 64 bit block, TLS client/server mode only)
...
```
See: https://invent.kde.org/plasma/plasma-nm/-/blob/master/vpn/openvpn/openvpnadvancedwidget.cpp?ref_type=heads#L106
It would be nice to filter out those values midlist.
Comment 1 Bug Janitor Service 2025-01-17 13:37:08 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-nm/-/merge_requests/403
Comment 2 Nicolas Fella 2025-01-23 11:45:02 UTC
Git commit aeab783c228aa18448239bd72907d8ece35dd690 by Nicolas Fella.
Committed on 23/01/2025 at 11:43.
Pushed by nicolasfella into branch 'master'.

Make openvpn cipher parsing more robust

The output from openvpn has text mixed into the data, the current parsing doesn't consider that

Use a RegEx that targets the data format more closely

M  +6    -1    vpn/openvpn/openvpnadvancedwidget.cpp

https://invent.kde.org/plasma/plasma-nm/-/commit/aeab783c228aa18448239bd72907d8ece35dd690
Comment 3 Nicolas Fella 2025-01-23 12:05:21 UTC
Git commit 04faff964185d3a3d0dfc311936f36f135ffbb13 by Nicolas Fella.
Committed on 23/01/2025 at 12:05.
Pushed by nicolasfella into branch 'Plasma/6.3'.

Make openvpn cipher parsing more robust

The output from openvpn has text mixed into the data, the current parsing doesn't consider that

Use a RegEx that targets the data format more closely
(cherry picked from commit aeab783c228aa18448239bd72907d8ece35dd690)

M  +6    -1    vpn/openvpn/openvpnadvancedwidget.cpp

https://invent.kde.org/plasma/plasma-nm/-/commit/04faff964185d3a3d0dfc311936f36f135ffbb13