moonlight-stream/moonlight-qt
1
0
Fork 0
mirror of https://github.com/moonlight-stream/moonlight-qt.git synced 2026-05-19 16:10:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Deep copy the BIO's backing memory for the QSslKey

Browse Source 
This doesn't appear to be a problem in practice, but the docs don't say
that Qt couldn't retain this QByteArray for later, which would result in
a UAF with the current code.
This commit is contained in:
Cameron Gutman
2026-05-16 16:08:02 -05:00
parent bba2faa602
commit 1eb76bbdb0
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/backend/identitymanager.cpp
+1 -1
View File
@@ -170,7 +170,7 @@ IdentityManager::getSslKey()
BUF_MEM* mem; BUF_MEM* mem;
BIO_get_mem_ptr(bio, &mem); BIO_get_mem_ptr(bio, &mem);
m_CachedSslKey = QSslKey(QByteArray::fromRawData(mem->data, (int)mem->length), QSsl::Rsa); m_CachedSslKey = QSslKey(QByteArray(mem->data, (int)mem->length), QSsl::Rsa);
BIO_free(bio); BIO_free(bio);
EVP_PKEY_free(pk); EVP_PKEY_free(pk);