diff options
author | Peter Hartmann <phartmann@blackberry.com> | 2013-04-17 17:42:32 +0200 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-04-18 22:02:18 +0200 |
commit | 835e720c7e47e3e5ea70875bf26b0b71d6729b57 (patch) | |
tree | 329b0a5b941fa66c16f00a6b4ddb265ad437ef05 /src/network | |
parent | b3bed2c8deb8c4f09ac7b5023cfc24a69a95ad46 (diff) |
SSL internals: fix memory corruption using QSslConfigurationPrivate
We are passing a QSslConfigurationPrivate that is allocated on the stack
(in QSslSocketBackendPrivate::initSslContext()) to
QSslConfiguration::QSslConfiguration(QSslConfigurationPrivate *dd).
When the SSL context is destroyed, this object is not there any more.
So now we create a deep copy of the configuration like we do in
QSslSocket::sslConfiguration().
Task-number: QTBUG-30648
Change-Id: Iaefaa9c00fd6bfb707eba5ac59e9508bf951f8a5
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 2b9c4b5bd2..3b2de7a05b 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -325,9 +325,13 @@ bool QSslSocketBackendPrivate::initSslContext() Q_Q(QSslSocket); // If no external context was set (e.g. bei QHttpNetworkConnection) we will create a default context - if (!sslContextPointer) + if (!sslContextPointer) { + // create a deep copy of our configuration + QSslConfigurationPrivate *configurationCopy = new QSslConfigurationPrivate(configuration); + configurationCopy->ref.store(0); // the QSslConfiguration constructor refs up sslContextPointer = QSharedPointer<QSslContext>( - QSslContext::fromConfiguration(mode, QSslConfiguration(&configuration), allowRootCertOnDemandLoading)); + QSslContext::fromConfiguration(mode, configurationCopy, allowRootCertOnDemandLoading)); + } if (sslContextPointer->error() != QSslError::NoError) { q->setErrorString(sslContextPointer->errorString()); |