summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorShane Kearns <ext-shane.2.kearns@nokia.com>2012-05-21 10:54:37 +0100
committerQt by Nokia <qt-info@nokia.com>2012-05-21 16:03:41 +0200
commit63e996200268599522db97d9a0ef37f43d5ca506 (patch)
treed087fd6341ca629af5dac206fc946b4b07d5566b /src
parent22ef455c6dc7c7f5e9447a82095abd9c4b380656 (diff)
Prevent infinite loops by handling all ZLIB errors
In case the HTTP server returns more data after the end of the compressed data stream, inflate will return Z_STREAM_END, which is a normal informative error code. This was handled in 4.8, but lost in 5.0. Also catch all ZLIB negative error codes rather than only three. Task-number: QTBUG-25823 Change-Id: Ibdbbd3dd6fa81a0880c477cb080ad35f2d7116f0 Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
Diffstat (limited to 'src')
-rw-r--r--src/network/access/qhttpnetworkreply.cpp9
1 files changed, 4 insertions, 5 deletions
diff --git a/src/network/access/qhttpnetworkreply.cpp b/src/network/access/qhttpnetworkreply.cpp
index bcfe48f29d..b95a227467 100644
--- a/src/network/access/qhttpnetworkreply.cpp
+++ b/src/network/access/qhttpnetworkreply.cpp
@@ -699,14 +699,13 @@ qint64 QHttpNetworkReplyPrivate::uncompressBodyData(QByteDataBuffer *in, QByteDa
inflateStrm.next_out = reinterpret_cast<Bytef*>(bOut.data());
int ret = inflate(&inflateStrm, Z_NO_FLUSH);
- switch (ret) {
- case Z_NEED_DICT:
- case Z_DATA_ERROR:
- case Z_MEM_ERROR:
+ //All negative return codes are errors, in the context of HTTP compression, Z_NEED_DICT is also an error.
+ if (ret < 0 || ret == Z_NEED_DICT)
return -1;
- }
bOut.resize(bOut.capacity() - inflateStrm.avail_out);
out->append(bOut);
+ if (ret == Z_STREAM_END)
+ return out->byteAmount();
} while (inflateStrm.avail_in > 0);
}