This fixes the following security vulnerability:
- CVE-2021-42074 SIGSEGV on quick open/close sequence while sending
Hello message
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
This fixes the following security vulnerability:
- CVE-2021-42075 DoS via file descriptor exhaustion
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
(cherry picked from commit deefecc262)
This commit is the 3/3 part of the fix for the following security
vulnerability:
- CVE-2021-42076 DoS via excess length messages
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
(cherry picked from commit fd5295eb31)
This commit is the 2/3 part of the fix for the following security
vulnerability:
- CVE-2021-42076 DoS via excess length messages
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
(cherry picked from commit af90f39b4a)
This commit is the 1/3 part of the fix for the following security
vulnerability:
- CVE-2021-42076 DoS via excess length messages
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
(cherry picked from commit e33c81b835)
When disconnected a NOTE log entry is made in the log, when connected it just prints which seems inconsistent to me:
```
[2020-06-01T11:50:55] INFO: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
/home/jonathan/barrier/src/lib/net/SecureSocket.cpp,872
connected to server
[2020-06-01T11:52:43] INFO: entering screen
```
vs.
```
[2020-06-01T11:59:01] NOTE: disconnected from server
/home/jonathan/barrier/src/lib/barrier/ClientApp.cpp,315
```
Since everything else logs with a timestamp I suggest changing this to NOTE as well for connection events being logged.
Fixes high cpu usage spikes on win10.
When queue was containing messages of only non-QS_POSTMESSAGE type the
"while (m_buffer->isEmpty())" busy-looped in EventQueue::getEvent
since isEmpty was true (checked only QS_POSTMESSAGE message type),
but waitForEvent returned immediately (checked more message types).
Investigation shows that the difference was introduced in
https://github.com/debauchee/barrier/commit/dbfb04a6e
to fix a problem with bad behaviour of GetQueueStatus
Researching showed that a similar problem was fixed in Qt,
and the solution was
"pass different flags to GetQueueStatus depending on version of windows"
https://bugreports.qt.io/browse/QTBUG-29097
So this patch makes changes to a barrier non-GUI core similar to Qt fix.
QLength() may return 0 even if there are events pending because they
need to be read from the display socket in order to become visible. We
must use XPending() which will poll the socket if QLength() == 0.
Current code base don't use IEventQueue::isEmpty() method.
Remove it to simplify IEventQueue API and to remove confusion with
IEventQueueBuffer with same name.
The IEventQueueBuffer::isEmpty() and all its implementations kept unchanged