From 0326ea08b1d856b5d879564d8dc4a122ad457575 Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Tue, 6 Dec 2022 23:47:36 +0100 Subject: QNetworkRequest: don't assume QByteArray::constData() is NUL-terminated MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It isn't guaranteed to be, for QByteArrays originating from QByteArray::fromRawData(). Use the four-arg qstrnicmp() overload (with defaulted fourth argument), wrapped in a lambda to DRY, instead of qstricmp(), which may produce incorrect results or even read past user-supplied buffers. There were also uses of QByteArray::compare(c-literal, Qt::CaseInsensitive). They're not affected by the problem, but QByteArray is scheduled to lose its string-y API parts and become a container of octets in the future. Besides, the lambda solution is much nicer on the eye. Pick-to: 6.4 6.2 5.15 Change-Id: I1e0f9003082f4158edecc6fe8cf3c0518e5403f5 Reviewed-by: Thiago Macieira Reviewed-by: Lorn Potter Reviewed-by: MÃ¥rten Nordheim --- src/network/access/qnetworkreplywasmimpl.cpp | 20 +++++++++++-------- src/network/access/qnetworkrequest.cpp | 30 ++++++++++++++++------------ 2 files changed, 29 insertions(+), 21 deletions(-) (limited to 'src/network') diff --git a/src/network/access/qnetworkreplywasmimpl.cpp b/src/network/access/qnetworkreplywasmimpl.cpp index b05fae73db..a10d2f843a 100644 --- a/src/network/access/qnetworkreplywasmimpl.cpp +++ b/src/network/access/qnetworkreplywasmimpl.cpp @@ -347,32 +347,36 @@ static int parseHeaderName(const QByteArray &headerName) if (headerName.isEmpty()) return -1; + auto is = [&](const char *what) { + return qstrnicmp(headerName.data(), headerName.size(), what) == 0; + }; + switch (QtMiscUtils::toAsciiLower(headerName.front())) { case 'c': - if (qstricmp(headerName.constData(), "content-type") == 0) + if (is("content-type")) return QNetworkRequest::ContentTypeHeader; - else if (qstricmp(headerName.constData(), "content-length") == 0) + else if (is("content-length")) return QNetworkRequest::ContentLengthHeader; - else if (qstricmp(headerName.constData(), "cookie") == 0) + else if (is("cookie")) return QNetworkRequest::CookieHeader; break; case 'l': - if (qstricmp(headerName.constData(), "location") == 0) + if (is("location")) return QNetworkRequest::LocationHeader; - else if (qstricmp(headerName.constData(), "last-modified") == 0) + else if (is("last-modified")) return QNetworkRequest::LastModifiedHeader; break; case 's': - if (qstricmp(headerName.constData(), "set-cookie") == 0) + if (is("set-cookie")) return QNetworkRequest::SetCookieHeader; - else if (qstricmp(headerName.constData(), "server") == 0) + else if (is("server")) return QNetworkRequest::ServerHeader; break; case 'u': - if (qstricmp(headerName.constData(), "user-agent") == 0) + if (is("user-agent")) return QNetworkRequest::UserAgentHeader; break; } diff --git a/src/network/access/qnetworkrequest.cpp b/src/network/access/qnetworkrequest.cpp index 7126b8ad86..238ed2edda 100644 --- a/src/network/access/qnetworkrequest.cpp +++ b/src/network/access/qnetworkrequest.cpp @@ -1102,48 +1102,52 @@ static int parseHeaderName(const QByteArray &headerName) if (headerName.isEmpty()) return -1; + auto is = [&](const char *what) { + return qstrnicmp(headerName.data(), headerName.size(), what) == 0; + }; + switch (QtMiscUtils::toAsciiLower(headerName.front())) { case 'c': - if (headerName.compare("content-type", Qt::CaseInsensitive) == 0) + if (is("content-type")) return QNetworkRequest::ContentTypeHeader; - else if (headerName.compare("content-length", Qt::CaseInsensitive) == 0) + else if (is("content-length")) return QNetworkRequest::ContentLengthHeader; - else if (headerName.compare("cookie", Qt::CaseInsensitive) == 0) + else if (is("cookie")) return QNetworkRequest::CookieHeader; - else if (qstricmp(headerName.constData(), "content-disposition") == 0) + else if (is("content-disposition")) return QNetworkRequest::ContentDispositionHeader; break; case 'e': - if (qstricmp(headerName.constData(), "etag") == 0) + if (is("etag")) return QNetworkRequest::ETagHeader; break; case 'i': - if (qstricmp(headerName.constData(), "if-modified-since") == 0) + if (is("if-modified-since")) return QNetworkRequest::IfModifiedSinceHeader; - if (qstricmp(headerName.constData(), "if-match") == 0) + if (is("if-match")) return QNetworkRequest::IfMatchHeader; - if (qstricmp(headerName.constData(), "if-none-match") == 0) + if (is("if-none-match")) return QNetworkRequest::IfNoneMatchHeader; break; case 'l': - if (headerName.compare("location", Qt::CaseInsensitive) == 0) + if (is("location")) return QNetworkRequest::LocationHeader; - else if (headerName.compare("last-modified", Qt::CaseInsensitive) == 0) + else if (is("last-modified")) return QNetworkRequest::LastModifiedHeader; break; case 's': - if (headerName.compare("set-cookie", Qt::CaseInsensitive) == 0) + if (is("set-cookie")) return QNetworkRequest::SetCookieHeader; - else if (headerName.compare("server", Qt::CaseInsensitive) == 0) + else if (is("server")) return QNetworkRequest::ServerHeader; break; case 'u': - if (headerName.compare("user-agent", Qt::CaseInsensitive) == 0) + if (is("user-agent")) return QNetworkRequest::UserAgentHeader; break; } -- cgit v1.2.3