diff options
Diffstat (limited to 'src/network/ssl/qasn1element.cpp')
| -rw-r--r-- | src/network/ssl/qasn1element.cpp | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp index 5634332a67..e8b70a14df 100644 --- a/src/network/ssl/qasn1element.cpp +++ b/src/network/ssl/qasn1element.cpp @@ -142,12 +142,20 @@ bool QAsn1Element::read(QDataStream &stream) if (length > quint64(std::numeric_limits<int>::max())) return false; - // value + + // read value in blocks to avoid being fooled by incorrect length + const int BUFFERSIZE = 4 * 1024; QByteArray tmpValue; - tmpValue.resize(length); - int count = stream.readRawData(tmpValue.data(), tmpValue.size()); - if (count != int(length)) - return false; + int remainingLength = length; + while (remainingLength) { + char readBuffer[BUFFERSIZE]; + const int bytesToRead = qMin(remainingLength, BUFFERSIZE); + const int count = stream.readRawData(readBuffer, bytesToRead); + if (count != int(bytesToRead)) + return false; + tmpValue.append(readBuffer, bytesToRead); + remainingLength -= bytesToRead; + } mType = tmpType; mValue.swap(tmpValue); @@ -310,8 +318,9 @@ qint64 QAsn1Element::toInteger(bool *ok) const return 0; } - // NOTE: negative numbers are not handled - if (mValue.at(0) & 0x80) { + // NOTE: - negative numbers are not handled + // - greater sizes would overflow + if (mValue.at(0) & 0x80 || mValue.size() > 8) { if (ok) *ok = false; return 0; |