diff options
| author | MÃ¥rten Nordheim <marten.nordheim@qt.io> | 2022-08-16 15:25:10 +0200 |
|---|---|---|
| committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2022-08-18 10:32:39 +0000 |
| commit | 2a276e0dbf8a83967dd9b313fa67ba54bdbb364b (patch) | |
| tree | 22d8260ebad768e5351de1591c794ced87c8987d /tests | |
| parent | 7537006c76bb5d910a1904f3634f8d9bc0d88096 (diff) | |
QSslServer: Implement handshake timeouts
If a client doesn't send any data then we would leave the socket open
for as long as it needed, wasting resources. Add timeouts to limit the
amount of time this can happen for.
Since there is a limit on number of sockets that the server will have
queued, having idle sockets stick around forever is a vector for ddos.
Change-Id: Ida6251c92c625eeadf2065861b840b14255654b8
Reviewed-by: Ievgenii Meshcheriakov <ievgenii.meshcheriakov@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit 29a1fe72a0888eb1f22a5ae9fe1b3d87257f3246)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp b/tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp index fb8a74d8de..088f0170f4 100644 --- a/tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp +++ b/tests/auto/network/ssl/qsslserver/tst_qsslserver.cpp @@ -24,6 +24,7 @@ private slots: void testPreSharedKeyAuthenticationRequired(); #endif void plaintextClient(); + void quietClient(); private: QString testDataDir; @@ -459,6 +460,33 @@ void tst_QSslServer::plaintextClient() QCOMPARE(socket.state(), QAbstractSocket::SocketState::UnconnectedState); } +void tst_QSslServer::quietClient() +{ + QSslConfiguration serverConfiguration = selfSignedServerQSslConfiguration(); + SslServerSpy server(serverConfiguration); + server.server.setHandshakeTimeout(1'000); + QVERIFY(server.server.listen()); + + quint16 serverPeerPort = 0; + auto grabServerPeerPort = [&serverPeerPort](QSslSocket *socket) { + serverPeerPort = socket->peerPort(); + }; + QObject::connect(&server.server, &QSslServer::errorOccurred, &server.server, + grabServerPeerPort); + + QTcpSocket socket; + QSignalSpy socketDisconnectedSpy(&socket, &QTcpSocket::disconnected); + socket.connectToHost(QHostAddress::LocalHost, server.server.serverPort()); + quint16 clientLocalPort = socket.localPort(); + QVERIFY(socket.waitForConnected()); + // Disconnects after overlong break: + QVERIFY(socketDisconnectedSpy.wait(5'000)); + QCOMPARE(socket.state(), QAbstractSocket::SocketState::UnconnectedState); + + QCOMPARE_GT(server.errorOccurredSpy.size(), 0); + QCOMPARE(serverPeerPort, clientLocalPort); +} + QTEST_MAIN(tst_QSslServer) #include "tst_qsslserver.moc" |