From 1d757349d0f517ef12c119565ffb1f79503fbcdf Mon Sep 17 00:00:00 2001
From: Albert Vaca Cintora <albertvaka@gmail.com>
Date: Sun, 16 Nov 2025 17:56:53 +0100
Subject: [PATCH] Check that the device ID doesn't change during the handshake

(cherry picked from commit b42d0392d047a7326232d4e534db4bc26626fb81)
---
 core/backends/lan/lanlinkprovider.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/core/backends/lan/lanlinkprovider.cpp b/core/backends/lan/lanlinkprovider.cpp
index f1a029d77..b4634523f 100644
--- a/core/backends/lan/lanlinkprovider.cpp
+++ b/core/backends/lan/lanlinkprovider.cpp
@@ -418,6 +418,7 @@ void LanLinkProvider::encrypted()
 
     NetworkPacket *identityPacket = m_receivedIdentityPackets[socket].np;
 
+    QString deviceId = identityPacket->get<QString>(QStringLiteral("deviceId"));
     int protocolVersion = identityPacket->get<int>(QStringLiteral("protocolVersion"), -1);
     if (protocolVersion >= 8) {
         disconnect(socket, &QObject::destroyed, nullptr, nullptr);
@@ -426,7 +427,7 @@ void LanLinkProvider::encrypted()
         NetworkPacket myIdentity = KdeConnectConfig::instance().deviceInfo().toIdentityPacket();
         socket->write(myIdentity.serialize());
         socket->flush();
-        connect(socket, &QIODevice::readyRead, this, [this, socket, protocolVersion]() {
+        connect(socket, &QIODevice::readyRead, this, [this, socket, protocolVersion, deviceId]() {
             if (!socket->canReadLine()) {
                 // This can happen if the packet is large enough to be split in two chunks
                 return;
@@ -443,6 +444,12 @@ void LanLinkProvider::encrypted()
             int newProtocolVersion = secureIdentityPacket->get<int>(QStringLiteral("protocolVersion"), 0);
             if (newProtocolVersion != protocolVersion) {
                 qCWarning(KDECONNECT_CORE) << "Protocol version changed half-way through the handshake:" << protocolVersion << "->" << newProtocolVersion;
+                return;
+            }
+            QString newDeviceId = secureIdentityPacket->get<QString>(QStringLiteral("deviceId"));
+            if (newDeviceId != deviceId) {
+                qCWarning(KDECONNECT_CORE) << "Device ID changed half-way through the handshake:" << deviceId << "->" << newDeviceId;
+                return;
             }
             DeviceInfo deviceInfo = DeviceInfo::FromIdentityPacketAndCert(*secureIdentityPacket, socket->peerCertificate());
 
-- 
GitLab