[Bug 1448911] Re: Execute initDbSession() on DB reconnects

Jonathan Riddell riddell at gmail.com
Mon May 4 15:26:40 UTC 2015


** Description changed:

  Bug fixed in 0.12.2 is an old CVE that re-occurred:
  
  Previously, the initDbSession() function would only be run on the
  initial connect.  Since the initDbSession() code in PostgreSQL is
  used to fix the CVE-2013-4422 SQL Injection bug, this means that
  Quassel was still vulnerable to that CVE if the PostgreSQL server
  is restarted or the connection is lost at any point while Quassel
  is running.
  
  This bug also causes the Qt5 psql timezone fix to stop working
  after a reconnect.
  
  The fix is to disable Qt's automatic reconnecting, check the
  connection status ourselves, and reconnect if necessary, executing
  the initDbSession() function afterward.
  
  https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283
+ 
+ TEST CASE:
+ 15:22 < mamarley> Yeah, restart PostgreSQL and do something that will cause backlog messages to be recorded.  Then, restart the quasselclient and make sure those backlog messages have the correct timestamp.

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to quassel in Ubuntu.
https://bugs.launchpad.net/bugs/1448911

Title:
  Execute initDbSession() on DB reconnects

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1448911/+subscriptions
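
The reconnect handling described in the bug description above, as an added C++ example that is not Quassel's code: a constructed `FakeConnection` stands in for the Qt/PostgreSQL connection, and `kHardening`, `ensureSession()` and `hardenedAfterRestart()` are hypothetical names. It shows that a transparent driver reconnect opens a fresh session without the init step, while checking the connection ourselves and re-running `initDbSession()` restores the session setting.

```cpp
#include <set>
#include <string>

// Constructed stand-in for a DB connection: session settings are lost
// whenever the server restarts or a new session is opened.
struct FakeConnection {
    bool open = false;
    bool autoReconnect = false;  // driver-level transparent reconnect
    std::set<std::string> sessionSettings;
    void connect() { open = true; sessionSettings.clear(); }
    void serverRestart() { open = false; sessionSettings.clear(); }
    bool exec(const std::string &stmt) {
        if (!open && autoReconnect) connect();  // fresh session, no init hook
        if (!open) return false;
        if (stmt.rfind("SET ", 0) == 0) sessionSettings.insert(stmt);
        return true;
    }
};

// Hypothetical setting; the real initDbSession() body is not shown on the page.
static const std::string kHardening = "SET hardening_option = on";

struct Storage {
    FakeConnection conn;
    explicit Storage(bool autoReconnect) {
        conn.autoReconnect = autoReconnect;
        conn.connect();
        initDbSession();
    }
    void initDbSession() { conn.exec(kHardening); }
    // Fixed path: check the connection ourselves, reopen, re-run the init.
    bool ensureSession() {
        if (conn.open) return true;
        conn.connect();
        if (!conn.open) return false;
        initDbSession();
        return true;
    }
    bool hardened() const { return conn.sessionSettings.count(kHardening) == 1; }
};

// Is the session still hardened after a server restart plus one query?
bool hardenedAfterRestart(bool useFix) {
    Storage s(/*autoReconnect=*/!useFix);
    s.conn.serverRestart();
    if (useFix && !s.ensureSession()) return false;
    s.conn.exec("SELECT 1");
    return s.hardened();
}
int main() { return (!hardenedAfterRestart(false) && hardenedAfterRestart(true)) ? 0 : 1; }
```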



