diff options
author | Marc Mutz <marc.mutz@qt.io> | 2022-12-06 23:47:36 +0100 |
---|---|---|
committer | Marc Mutz <marc.mutz@qt.io> | 2022-12-08 18:00:17 +0000 |
commit | 0326ea08b1d856b5d879564d8dc4a122ad457575 (patch) | |
tree | 49c3535e92c810e9fe192acce124c06b366c1cbd /src/network/access | |
parent | 536e17372803e7c9557e4a59ae8dad0405f11cd2 (diff) |
QNetworkRequest: don't assume QByteArray::constData() is NUL-terminated
It isn't guaranteed to be, for QByteArrays originating from
QByteArray::fromRawData().
Use the four-arg qstrnicmp() overload (with defaulted fourth
argument), wrapped in a lambda to DRY, instead of qstricmp(), which
may produce incorrect results or even read past user-supplied buffers.
There were also uses of QByteArray::compare(c-literal,
Qt::CaseInsensitive). They're not affected by the problem, but
QByteArray is scheduled to lose its string-y API parts and become a
container of octets in the future. Besides, the lambda solution is
much nicer on the eye.
Pick-to: 6.4 6.2 5.15
Change-Id: I1e0f9003082f4158edecc6fe8cf3c0518e5403f5
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Lorn Potter <lorn.potter@gmail.com>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/network/access')
-rw-r--r-- | src/network/access/qnetworkreplywasmimpl.cpp | 20 | ||||
-rw-r--r-- | src/network/access/qnetworkrequest.cpp | 30 |
2 files changed, 29 insertions, 21 deletions
diff --git a/src/network/access/qnetworkreplywasmimpl.cpp b/src/network/access/qnetworkreplywasmimpl.cpp index b05fae73db..a10d2f843a 100644 --- a/src/network/access/qnetworkreplywasmimpl.cpp +++ b/src/network/access/qnetworkreplywasmimpl.cpp @@ -347,32 +347,36 @@ static int parseHeaderName(const QByteArray &headerName) if (headerName.isEmpty()) return -1; + auto is = [&](const char *what) { + return qstrnicmp(headerName.data(), headerName.size(), what) == 0; + }; + switch (QtMiscUtils::toAsciiLower(headerName.front())) { case 'c': - if (qstricmp(headerName.constData(), "content-type") == 0) + if (is("content-type")) return QNetworkRequest::ContentTypeHeader; - else if (qstricmp(headerName.constData(), "content-length") == 0) + else if (is("content-length")) return QNetworkRequest::ContentLengthHeader; - else if (qstricmp(headerName.constData(), "cookie") == 0) + else if (is("cookie")) return QNetworkRequest::CookieHeader; break; case 'l': - if (qstricmp(headerName.constData(), "location") == 0) + if (is("location")) return QNetworkRequest::LocationHeader; - else if (qstricmp(headerName.constData(), "last-modified") == 0) + else if (is("last-modified")) return QNetworkRequest::LastModifiedHeader; break; case 's': - if (qstricmp(headerName.constData(), "set-cookie") == 0) + if (is("set-cookie")) return QNetworkRequest::SetCookieHeader; - else if (qstricmp(headerName.constData(), "server") == 0) + else if (is("server")) return QNetworkRequest::ServerHeader; break; case 'u': - if (qstricmp(headerName.constData(), "user-agent") == 0) + if (is("user-agent")) return QNetworkRequest::UserAgentHeader; break; } diff --git a/src/network/access/qnetworkrequest.cpp b/src/network/access/qnetworkrequest.cpp index 7126b8ad86..238ed2edda 100644 --- a/src/network/access/qnetworkrequest.cpp +++ b/src/network/access/qnetworkrequest.cpp @@ -1102,48 +1102,52 @@ static int parseHeaderName(const QByteArray &headerName) if (headerName.isEmpty()) return -1; + auto is = [&](const char *what) { + return qstrnicmp(headerName.data(), headerName.size(), what) == 0; + }; + switch (QtMiscUtils::toAsciiLower(headerName.front())) { case 'c': - if (headerName.compare("content-type", Qt::CaseInsensitive) == 0) + if (is("content-type")) return QNetworkRequest::ContentTypeHeader; - else if (headerName.compare("content-length", Qt::CaseInsensitive) == 0) + else if (is("content-length")) return QNetworkRequest::ContentLengthHeader; - else if (headerName.compare("cookie", Qt::CaseInsensitive) == 0) + else if (is("cookie")) return QNetworkRequest::CookieHeader; - else if (qstricmp(headerName.constData(), "content-disposition") == 0) + else if (is("content-disposition")) return QNetworkRequest::ContentDispositionHeader; break; case 'e': - if (qstricmp(headerName.constData(), "etag") == 0) + if (is("etag")) return QNetworkRequest::ETagHeader; break; case 'i': - if (qstricmp(headerName.constData(), "if-modified-since") == 0) + if (is("if-modified-since")) return QNetworkRequest::IfModifiedSinceHeader; - if (qstricmp(headerName.constData(), "if-match") == 0) + if (is("if-match")) return QNetworkRequest::IfMatchHeader; - if (qstricmp(headerName.constData(), "if-none-match") == 0) + if (is("if-none-match")) return QNetworkRequest::IfNoneMatchHeader; break; case 'l': - if (headerName.compare("location", Qt::CaseInsensitive) == 0) + if (is("location")) return QNetworkRequest::LocationHeader; - else if (headerName.compare("last-modified", Qt::CaseInsensitive) == 0) + else if (is("last-modified")) return QNetworkRequest::LastModifiedHeader; break; case 's': - if (headerName.compare("set-cookie", Qt::CaseInsensitive) == 0) + if (is("set-cookie")) return QNetworkRequest::SetCookieHeader; - else if (headerName.compare("server", Qt::CaseInsensitive) == 0) + else if (is("server")) return QNetworkRequest::ServerHeader; break; case 'u': - if (headerName.compare("user-agent", Qt::CaseInsensitive) == 0) + if (is("user-agent")) return QNetworkRequest::UserAgentHeader; break; } |