QNetworkRequest: don't assume QByteArray::constData() is NUL-terminated

It isn't guaranteed to be, for QByteArrays originating from
QByteArray::fromRawData().

Use the four-arg qstrnicmp() overload (with defaulted fourth
argument), wrapped in a lambda to DRY, instead of qstricmp(), which
may produce incorrect results or even read past user-supplied buffers.

There were also uses of QByteArray::compare(c-literal,
Qt::CaseInsensitive). They're not affected by the problem, but
QByteArray is scheduled to lose its string-y API parts and become a
container of octets in the future. Besides, the lambda solution is
much nicer on the eye.

Pick-to: 6.4 6.2 5.15
Change-Id: I1e0f9003082f4158edecc6fe8cf3c0518e5403f5
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Lorn Potter <lorn.potter@gmail.com>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>

2 files changed, 29 insertions, 21 deletions

diff --git a/src/network/access/qnetworkreplywasmimpl.cpp b/src/network/access/qnetworkreplywasmimpl.cpp
index b05fae73db..a10d2f843a 100644
--- a/src/network/access/qnetworkreplywasmimpl.cpp
+++ b/src/network/access/qnetworkreplywasmimpl.cpp
@@ -347,32 +347,36 @@ static int parseHeaderName(const QByteArray &headerName)
     if (headerName.isEmpty())
         return -1;
 
+    auto is = [&](const char *what) {
+        return qstrnicmp(headerName.data(), headerName.size(), what) == 0;
+    };
+
     switch (QtMiscUtils::toAsciiLower(headerName.front())) {
     case 'c':
-        if (qstricmp(headerName.constData(), "content-type") == 0)
+        if (is("content-type"))
             return QNetworkRequest::ContentTypeHeader;
-        else if (qstricmp(headerName.constData(), "content-length") == 0)
+        else if (is("content-length"))
             return QNetworkRequest::ContentLengthHeader;
-        else if (qstricmp(headerName.constData(), "cookie") == 0)
+        else if (is("cookie"))
             return QNetworkRequest::CookieHeader;
         break;
 
     case 'l':
-        if (qstricmp(headerName.constData(), "location") == 0)
+        if (is("location"))
             return QNetworkRequest::LocationHeader;
-        else if (qstricmp(headerName.constData(), "last-modified") == 0)
+        else if (is("last-modified"))
             return QNetworkRequest::LastModifiedHeader;
         break;
 
     case 's':
-        if (qstricmp(headerName.constData(), "set-cookie") == 0)
+        if (is("set-cookie"))
             return QNetworkRequest::SetCookieHeader;
-        else if (qstricmp(headerName.constData(), "server") == 0)
+        else if (is("server"))
             return QNetworkRequest::ServerHeader;
         break;
 
     case 'u':
-        if (qstricmp(headerName.constData(), "user-agent") == 0)
+        if (is("user-agent"))
             return QNetworkRequest::UserAgentHeader;
         break;
     }
diff --git a/src/network/access/qnetworkrequest.cpp b/src/network/access/qnetworkrequest.cpp
index 7126b8ad86..238ed2edda 100644
--- a/src/network/access/qnetworkrequest.cpp
+++ b/src/network/access/qnetworkrequest.cpp
@@ -1102,48 +1102,52 @@ static int parseHeaderName(const QByteArray &headerName)
     if (headerName.isEmpty())
         return -1;
 
+    auto is = [&](const char *what) {
+        return qstrnicmp(headerName.data(), headerName.size(), what) == 0;
+    };
+
     switch (QtMiscUtils::toAsciiLower(headerName.front())) {
     case 'c':
-        if (headerName.compare("content-type", Qt::CaseInsensitive) == 0)
+        if (is("content-type"))
             return QNetworkRequest::ContentTypeHeader;
-        else if (headerName.compare("content-length", Qt::CaseInsensitive) == 0)
+        else if (is("content-length"))
             return QNetworkRequest::ContentLengthHeader;
-        else if (headerName.compare("cookie", Qt::CaseInsensitive) == 0)
+        else if (is("cookie"))
             return QNetworkRequest::CookieHeader;
-        else if (qstricmp(headerName.constData(), "content-disposition") == 0)
+        else if (is("content-disposition"))
             return QNetworkRequest::ContentDispositionHeader;
         break;
 
     case 'e':
-        if (qstricmp(headerName.constData(), "etag") == 0)
+        if (is("etag"))
             return QNetworkRequest::ETagHeader;
         break;
 
     case 'i':
-        if (qstricmp(headerName.constData(), "if-modified-since") == 0)
+        if (is("if-modified-since"))
             return QNetworkRequest::IfModifiedSinceHeader;
-        if (qstricmp(headerName.constData(), "if-match") == 0)
+        if (is("if-match"))
             return QNetworkRequest::IfMatchHeader;
-        if (qstricmp(headerName.constData(), "if-none-match") == 0)
+        if (is("if-none-match"))
             return QNetworkRequest::IfNoneMatchHeader;
         break;
 
     case 'l':
-        if (headerName.compare("location", Qt::CaseInsensitive) == 0)
+        if (is("location"))
             return QNetworkRequest::LocationHeader;
-        else if (headerName.compare("last-modified", Qt::CaseInsensitive) == 0)
+        else if (is("last-modified"))
             return QNetworkRequest::LastModifiedHeader;
         break;
 
     case 's':
-        if (headerName.compare("set-cookie", Qt::CaseInsensitive) == 0)
+        if (is("set-cookie"))
             return QNetworkRequest::SetCookieHeader;
-        else if (headerName.compare("server", Qt::CaseInsensitive) == 0)
+        else if (is("server"))
             return QNetworkRequest::ServerHeader;
         break;
 
     case 'u':
-        if (headerName.compare("user-agent", Qt::CaseInsensitive) == 0)
+        if (is("user-agent"))
             return QNetworkRequest::UserAgentHeader;
         break;
     }