From 0732c5917d5441f901c6789056066b25cd263103 Mon Sep 17 00:00:00 2001
From: Andreas Buhr
Date: Mon, 16 Nov 2020 12:19:02 +0100
Subject: Prevent time zone lookup from using infinite amounts of memory

The QTzTimeZoneCache created one cache entry for every time zone which was looked up, even if the code was invalid. This uses some memory for each time zone code queried and thus allows DOS attacks if user supplied time zone codes are parsed. This patch changes the cache to use QCache instead of QHash and thus only store up to 100 zones in the cache.

Change-Id: Ia87fe500b8b9cf23dced5448a33b047702515f19
Reviewed-by: Thiago Macieira
---
 src/corelib/time/qtimezoneprivate_tz.cpp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/corelib/time/qtimezoneprivate_tz.cpp b/src/corelib/time/qtimezoneprivate_tz.cpp
index 4ac4559d36..9cc477d2a5 100644
--- a/src/corelib/time/qtimezoneprivate_tz.cpp
+++ b/src/corelib/time/qtimezoneprivate_tz.cpp
@@ -46,7 +46,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 #include
@@ -660,7 +660,7 @@ public:
 private:
 QTzTimeZoneCacheEntry findEntry(const QByteArray &ianaId);
- QHash m_cache;
+ QCache m_cache;
 QMutex m_mutex;
 };
@@ -842,13 +842,13 @@ QTzTimeZoneCacheEntry QTzTimeZoneCache::fetchEntry(const QByteArray &ianaId)
 QMutexLocker locker(&m_mutex);
 // search the cache...
- const auto& it = m_cache.find(ianaId);
- if (it != m_cache.constEnd())
- return *it;
+ QTzTimeZoneCacheEntry *obj = m_cache.object(ianaId);
+ if (obj)
+ return *obj;
 // ... or build a new entry from scratch
 QTzTimeZoneCacheEntry ret = findEntry(ianaId);
- m_cache[ianaId] = ret;
+ m_cache.insert(ianaId, new QTzTimeZoneCacheEntry(ret));
 return ret;
 }
--
cgit v1.2.3
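Review bot: The size bound this fix relies on is implicit at the `m_cache` declaration. As far as the hunk shows, no maximum cost is passed to the QCache, so the limit is QCache's default of 100 with each entry inserted at the default cost of 1. A comment on the member would keep a later refactor from swapping back to an unbounded container, for example `// Bounded on purpose (QCache default maxCost = 100): IDs may come from untrusted input, so the cache must not grow per lookup.` The class constructor is outside the hunk, so confirm that it does not set a different limit.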
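Review bot: The insert in `fetchEntry` is still unconditional, so results for IDs that do not resolve take cache slots just like valid ones. Memory is now capped, but a stream of distinct bogus IDs from untrusted input can evict every valid entry, sending legitimate lookups back through `findEntry(ianaId)`, which runs while `m_mutex` is held. Consider inserting only when `findEntry` produced a usable entry (the validity test is not visible in this hunk), or validating the ID's form before it reaches the cache. A short comment would also help: `return ret;` deliberately returns the local copy, because QCache owns the inserted pointer and may delete it. The opening of `fetchEntry` lies outside the hunk.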