Merge remote-tracking branch 'origin/5.14' into 5.15

Change-Id: Ib2a2e3a292af43be3a980c2ccc943c08f4bbf72f
author: Mitch Curtis <mitch.curtis@qt.io> 2020-03-20 11:18:17 +0100
committer: Mitch Curtis <mitch.curtis@qt.io> 2020-03-20 11:28:14 +0100
commit: 69a5be7ef0475ba748ffbe50017c73e44a23a051 (patch)
tree: d29043898dba33596e3eb2ee51645b3330a87a88 /src/network/ssl/qsslsocket_openssl_symbols.cpp
parent: 0359a82e6ef538316e550e7fa7c6dee8db72a225 (diff)
parent: fcbbe7ff21a263f7fafb189caff4b662d4da7eda (diff)
1 files changed, 17 insertions, 1 deletions
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index 84422e9c8f..6fe602a79e 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -1187,6 +1187,9 @@ QDateTime q_getTimeFromASN1(const ASN1_TIME *aTime)
 {
     size_t lTimeLength = aTime->length;
     char *pString = (char *) aTime->data;
+    auto isValidPointer = [pString, lTimeLength](const char *const probe){
+        return size_t(probe - pString) < lTimeLength;
+    };
 
     if (aTime->type == V_ASN1_UTCTIME) {
 
@@ -1205,12 +1208,21 @@ QDateTime q_getTimeFromASN1(const ASN1_TIME *aTime)
             *pBuffer++ = '0';
         } else {
             *pBuffer++ = *pString++;
+            if (!isValidPointer(pString)) // Nah.
+                return {};
             *pBuffer++ = *pString++;
+            if (!isValidPointer(pString)) // Nah.
+                return {};
             // Skip any fractional seconds...
             if (*pString == '.') {
                 pString++;
-                while ((*pString >= '0') && (*pString <= '9'))
+                if (!isValidPointer(pString)) // Oh no, cannot dereference (see below).
+                    return {};
+                while ((*pString >= '0') && (*pString <= '9')) {
                     pString++;
+                    if (!isValidPointer(pString)) // No and no.
+                        return {};
+                }
             }
         }
 
@@ -1224,6 +1236,10 @@ QDateTime q_getTimeFromASN1(const ASN1_TIME *aTime)
             if ((*pString != '+') && (*pString != '-'))
                 return QDateTime();
 
+            if (!isValidPointer(pString + 4)) {
+                // What kind of input parameters we were provided with? To hell with them!
+                return {};
+            }
             lSecondsFromUCT = ((pString[1] - '0') * 10 + (pString[2] - '0')) * 60;
             lSecondsFromUCT += (pString[3] - '0') * 10 + (pString[4] - '0');
             lSecondsFromUCT *= 60;
author	Mitch Curtis <mitch.curtis@qt.io>	2020-03-20 11:18:17 +0100
committer	Mitch Curtis <mitch.curtis@qt.io>	2020-03-20 11:28:14 +0100
commit	69a5be7ef0475ba748ffbe50017c73e44a23a051 (patch)
tree	d29043898dba33596e3eb2ee51645b3330a87a88 /src/network/ssl/qsslsocket_openssl_symbols.cpp
parent	0359a82e6ef538316e550e7fa7c6dee8db72a225 (diff)
parent	fcbbe7ff21a263f7fafb189caff4b662d4da7eda (diff)