Prevent time zone lookup from using infinite amounts of memory

The QTzTimeZoneCache created one cache entry for every time zone
which was looked up, even if the code was invalid. This uses some
memory for each time zone code queried and thus allows DOS attacks
if user supplied time zone codes are parsed. This patch changes
the cache to use QCache instead of QHash and thus only store up to
100 zones in the cache.

Change-Id: Ia87fe500b8b9cf23dced5448a33b047702515f19
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>

1 files changed, 6 insertions, 6 deletions

diff --git a/src/corelib/time/qtimezoneprivate_tz.cpp b/src/corelib/time/qtimezoneprivate_tz.cpp
index 4ac4559d36..9cc477d2a5 100644
--- a/src/corelib/time/qtimezoneprivate_tz.cpp
+++ b/src/corelib/time/qtimezoneprivate_tz.cpp
@@ -46,7 +46,7 @@
 #include <QtCore/QDataStream>
 #include <QtCore/QDateTime>
 #include <QtCore/QFile>
-#include <QtCore/QHash>
+#include <QtCore/QCache>
 #include <QtCore/QMutex>
 
 #include <qdebug.h>
@@ -660,7 +660,7 @@ public:
 
 private:
     QTzTimeZoneCacheEntry findEntry(const QByteArray &ianaId);
-    QHash<QByteArray, QTzTimeZoneCacheEntry> m_cache;
+    QCache<QByteArray, QTzTimeZoneCacheEntry> m_cache;
     QMutex m_mutex;
 };
 
@@ -842,13 +842,13 @@ QTzTimeZoneCacheEntry QTzTimeZoneCache::fetchEntry(const QByteArray &ianaId)
     QMutexLocker locker(&m_mutex);
 
     // search the cache...
-    const auto& it = m_cache.find(ianaId);
-    if (it != m_cache.constEnd())
-        return *it;
+    QTzTimeZoneCacheEntry *obj = m_cache.object(ianaId);
+    if (obj)
+        return *obj;
 
     // ... or build a new entry from scratch
     QTzTimeZoneCacheEntry ret = findEntry(ianaId);
-    m_cache[ianaId] = ret;
+    m_cache.insert(ianaId, new QTzTimeZoneCacheEntry(ret));
     return ret;
 }