diff options
| author | Richard J. Moore <rich@kde.org> | 2015-01-31 15:03:47 +0000 |
|---|---|---|
| committer | Jeremy Lainé <jeremy.laine@m4x.org> | 2015-02-04 15:49:50 +0000 |
| commit | 91a48160d62e6c2fd7e0e1d6739048a3401621b9 (patch) | |
| tree | 4706c01555a9f41651b6df53d2b9034145fad711 /src/network | |
| parent | 3bc5f8c08107bcf8b5c274411850a67aed92372d (diff) | |
Move Rfc822NameType, DnsNameType and UniformResourceIdentifierType.
Move these types to QAsn1Element so that they can use the toString()
method which guards against malicious ASN.1.
Change-Id: I7d6155147a6fc2d41da6f3ae87551b6cb75aa9ce
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
Diffstat (limited to 'src/network')
| -rw-r--r-- | src/network/ssl/qasn1element.cpp | 4 | ||||
| -rw-r--r-- | src/network/ssl/qasn1element_p.h | 5 | ||||
| -rw-r--r-- | src/network/ssl/qsslcertificate_qt.cpp | 23 |
3 files changed, 16 insertions, 16 deletions
diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp index 88f0ffb625..62e1bb0bee 100644 --- a/src/network/ssl/qasn1element.cpp +++ b/src/network/ssl/qasn1element.cpp @@ -340,7 +340,9 @@ QString QAsn1Element::toString() const if (qstrlen(mValue) < uint(mValue.size())) return QString(); - if (mType == PrintableStringType || mType == TeletexStringType) + if (mType == PrintableStringType || mType == TeletexStringType + || mType == Rfc822NameType || mType == DnsNameType + || mType == UniformResourceIdentifierType) return QString::fromLatin1(mValue, mValue.size()); if (mType == Utf8StringType) return QString::fromUtf8(mValue, mValue.size()); diff --git a/src/network/ssl/qasn1element_p.h b/src/network/ssl/qasn1element_p.h index 36a7c90de3..c6c4a75d13 100644 --- a/src/network/ssl/qasn1element_p.h +++ b/src/network/ssl/qasn1element_p.h @@ -81,6 +81,11 @@ public: SequenceType = 0x30, SetType = 0x31, + // GeneralNameTypes + Rfc822NameType = 0x81, + DnsNameType = 0x82, + UniformResourceIdentifierType = 0x86, + // context specific Context0Type = 0xA0, Context3Type = 0xA3 diff --git a/src/network/ssl/qsslcertificate_qt.cpp b/src/network/ssl/qsslcertificate_qt.cpp index 217592df37..62bb6e4ad0 100644 --- a/src/network/ssl/qsslcertificate_qt.cpp +++ b/src/network/ssl/qsslcertificate_qt.cpp @@ -53,13 +53,6 @@ QT_BEGIN_NAMESPACE -enum GeneralNameType -{ - Rfc822NameType = 0x81, - DnsNameType = 0x82, - UniformResourceIdentifierType = 0x86 -}; - bool QSslCertificate::operator==(const QSslCertificate &other) const { if (d == other.d) @@ -407,10 +400,10 @@ bool QSslCertificatePrivate::parse(const QByteArray &data) QDataStream nameStream(sanElem.value()); QAsn1Element nameElem; while (nameElem.read(nameStream)) { - if (nameElem.type() == Rfc822NameType) { - subjectAlternativeNames.insert(QSsl::EmailEntry, QString::fromLatin1(nameElem.value(), nameElem.value().size())); - } else if (nameElem.type() == DnsNameType) { - subjectAlternativeNames.insert(QSsl::DnsEntry, QString::fromLatin1(nameElem.value(), nameElem.value().size())); + if (nameElem.type() == QAsn1Element::Rfc822NameType) { + subjectAlternativeNames.insert(QSsl::EmailEntry, nameElem.toString()); + } else if (nameElem.type() == QAsn1Element::DnsNameType) { + subjectAlternativeNames.insert(QSsl::DnsEntry, nameElem.toString()); } } } @@ -464,10 +457,10 @@ bool QSslCertificatePrivate::parseExtension(const QByteArray &data, QSslCertific return false; const QString key = QString::fromLatin1(items.at(0).toObjectName()); switch (items.at(1).type()) { - case Rfc822NameType: - case DnsNameType: - case UniformResourceIdentifierType: - result[key] = QString::fromLatin1(items.at(1).value(), items.at(1).value().size()); + case QAsn1Element::Rfc822NameType: + case QAsn1Element::DnsNameType: + case QAsn1Element::UniformResourceIdentifierType: + result[key] = items.at(1).toString(); break; } } |