From faeaddc1b92f1000a5a1d9d7cdea9276bdfefe26 Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Wed, 15 Jun 2016 10:01:14 +0200 Subject: QSslSocket::transmit (macOS/iOS) - do not use invalid context 1. QSslSocketBackendPrivate::transmit can invalidate SSL context causing subsequent SSLWrite or SSLRead calls to fail; these report errSecParam (as null context is an invalid parameter) spuriously, when we should rather report the cause of invalidation. The OpenSSL backend can trigger this when it aborts connection during an SSL handshake, on an sslErrors signal. As transmit() emits readReady(), a directly connected slot can trigger the same problem if it aborts or closes. 2. If during peer verification (and in checkSslErrors) we disconnect on sslErrors signal, peer verification must be considered failed and should not continue handshake/set connectionEncrypted. Task-number: QTBUG-52975 Task-number: QTBUG-53906 Change-Id: Iacd3b489a4156e25ef3460ace40d21f34a946bed Reviewed-by: Edward Welbourne --- src/network/ssl/qsslsocket_mac.cpp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'src/network') diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 4e090f96cb..9f0359aa47 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -634,7 +634,7 @@ void QSslSocketBackendPrivate::transmit() if (connectionEncrypted && !writeBuffer.isEmpty()) { qint64 totalBytesWritten = 0; - while (writeBuffer.nextDataBlockSize() > 0) { + while (writeBuffer.nextDataBlockSize() > 0 && context) { const size_t nextDataBlockSize = writeBuffer.nextDataBlockSize(); size_t writtenBytes = 0; const OSStatus err = SSLWrite(context, writeBuffer.readPointer(), nextDataBlockSize, &writtenBytes); 
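Review bot: The new `&& context` test on the SSLWrite loop in QSslSocketBackendPrivate::transmit(), and the matching `while (context)` on the SSLRead loop in the next hunk, carry no comment, and the reason for them is not visible at either loop. Per the commit message, a slot run from a signal emitted during transmit() can abort or close the socket and invalidate the context. I would add above each loop something like `// A slot connected to a signal emitted below may abort/close the socket and invalidate the context, so re-test it on every pass.`, in the way the verifyPeerTrust() hunk documents its state check. Both loop bodies continue outside the hunks, so it is worth confirming that nothing after the SSLWrite/SSLRead call touches `context` again in the same pass.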
@@ -668,7 +668,7 @@ void QSslSocketBackendPrivate::transmit() if (connectionEncrypted) { QVarLengthArray data; - while (true) { + while (context) { size_t readBytes = 0; data.resize(4096); const OSStatus err = SSLRead(context, data.data(), data.size(), &readBytes); @@ -1305,7 +1305,10 @@ bool QSslSocketBackendPrivate::verifyPeerTrust() // report errors if (!errors.isEmpty() && !canIgnoreVerify) { sslErrors = errors; - if (!checkSslErrors()) + // checkSslErrors unconditionally emits sslErrors: + // a user's slot can abort/close/disconnect on this + // signal, so we also test the socket's state: + if (!checkSslErrors() || q->state() != QAbstractSocket::ConnectedState) return false; } else { sslErrors.clear(); -- cgit v1.2.3 From 890edc45d897639f0ef99a561ea033d6ae5781e7 Mon Sep 17 00:00:00 2001 From: Giuseppe D'Angelo Date: Sun, 5 Jun 2016 20:57:38 +0200 Subject: QSslSocket: improve documentation of the supported protocols MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1) To describe a protocol version we should use an "ordinary" name, not use the values out of the QSsl::SslProtocol enum. 2) Say that we support the latest stable TLS version (1.2, not 1.0). 3) Fix a statement about which protocol is the default one. Change-Id: I18732914d55060a0c3920f7082f986c262a71ded Reviewed-by: André Klitzing Reviewed-by: Richard J. Moore --- src/network/ssl/qsslsocket.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/network') diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 25a471dda8..c453606262 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp 
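Review bot: In QSslSocketBackendPrivate::verifyPeerTrust() the combined condition `!checkSslErrors() || q->state() != QAbstractSocket::ConnectedState` reports a socket torn down by a user slot through the same `return false` as an untrusted peer. Failing closed is the right outcome, but the caller is outside the hunk. If it reacts to `false` by setting a handshake error and disconnecting, it would presumably do that on a socket the user has already aborted, so that path should be checked. Splitting the test keeps the two causes readable: `if (!checkSslErrors()) return false;` followed by `if (q->state() != QAbstractSocket::ConnectedState) return false; // closed from an sslErrors slot`.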
@@ -49,7 +49,8 @@ QSslSocket establishes a secure, encrypted TCP connection you can use for transmitting encrypted data. It can operate in both client and server mode, and it supports modern SSL protocols, including - SSLv3 and TLSv1_0. By default, QSslSocket uses TLSv1_0, but you can + SSL 3 and TLS 1.2. By default, QSslSocket uses only SSL protocols + which are considered to be secure (QSsl::SecureProtocols), but you can change the SSL protocol by calling setProtocol() as long as you do it before the handshake has started. -- cgit v1.2.3 From b7744e0b05255fc468db2af215ba94eca4b7757b Mon Sep 17 00:00:00 2001 From: Ralf Nolden Date: Fri, 1 Jul 2016 10:33:43 +0200 Subject: Replace LLINDEX macro not present on all BSDs with the code FreeBSD < 10 doesn't have the LLINDEX macro either in net/if_dl.h, so besides OpenBSD yet another condition to declare the LLINDEX macro for systems where it isn't present does make it more complicated than replacing its usage with the actual code. Change-Id: I7e8ef3e265564526e05ec3115f9fa765d399f045 Reviewed-by: Thiago Macieira --- src/network/socket/qnativesocketengine_unix.cpp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'src/network') diff --git a/src/network/socket/qnativesocketengine_unix.cpp b/src/network/socket/qnativesocketengine_unix.cpp index e92123e10c..5dfc6480da 100644 --- a/src/network/socket/qnativesocketengine_unix.cpp +++ b/src/network/socket/qnativesocketengine_unix.cpp @@ -906,10 +906,7 @@ qint64 QNativeSocketEnginePrivate::nativeReceiveDatagram(char *data, qint64 maxS if (cmsgptr->cmsg_level == IPPROTO_IP && cmsgptr->cmsg_type == IP_RECVIF && cmsgptr->cmsg_len >= CMSG_LEN(sizeof(sockaddr_dl))) { sockaddr_dl *sdl = reinterpret_cast(CMSG_DATA(cmsgptr)); -# if defined(Q_OS_OPENBSD) -# define LLINDEX(s) ((s)->sdl_index) -# endif - header->ifindex = LLINDEX(sdl); + header->ifindex = sdl->sdl_index; } # endif #endif -- cgit v1.2.3 From cddb344f3e24e3a61baf896161618c36a3f0c737 Mon Sep 17 00:00:00 2001 
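Review bot: The rewritten QSslSocket class description in qsslsocket.cpp still lists SSL 3 under "modern SSL protocols", one sentence before it says the default is limited to protocols considered secure (QSsl::SecureProtocols). SSL 3 was formally deprecated by RFC 7568 in 2015, so a reader can take the first sentence as an endorsement of it. I would reword it to `it supports TLS up to version 1.2, as well as the legacy SSL 3 protocol`. I would also add a sentence that choosing a protocol outside QSsl::SecureProtocols via setProtocol() lowers the security of the connection.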
From: Alex Trotsenko Date: Thu, 30 Jun 2016 18:45:41 +0300 Subject: QSslSocket: reset connection parameters on disconnect Otherwise socketDescriptor(), localPort(), localAddress(), peerPort(), peerAddress(), and peerName() remain uncleared until close() is called. This could take place when the connection is closed by the remote endpoint or the user calls disconnectFromHost(). After disconnecting, connection parameters are no longer valid, while I/O device is still opened and may have pending data for reading. Usually, the user reads all incoming data and closes the device independently. Change-Id: Ic898851c39137faf64019949910f0d94ebb79df7 Reviewed-by: Edward Welbourne --- src/network/ssl/qsslsocket.cpp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/network') diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 591d635162..ccb11de7e0 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -2401,6 +2401,13 @@ void QSslSocketPrivate::_q_disconnectedSlot() #endif disconnected(); emit q->disconnected(); + + q->setLocalPort(0); + q->setLocalAddress(QHostAddress()); + q->setPeerPort(0); + q->setPeerAddress(QHostAddress()); + q->setPeerName(QString()); + cachedSocketDescriptor = -1; } /*! -- cgit v1.2.3 From a91d0dd369313dfa8865f99e590b868146cb4388 Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Tue, 5 Jul 2016 15:11:43 +0200 Subject: Q_(U)INT64_C is not a type, so don't use it as if it was These expressions only work because they contain no non-parenthesized commas and an int literal is last. Fix by wrapping only the integer literal in Q_(U)INT64_C. Change-Id: I6b8e508b6c7c022f4b3342f65c26aab89ce17702 Reviewed-by: Thiago Macieira --- src/network/kernel/qauthenticator.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/network') diff --git a/src/network/kernel/qauthenticator.cpp b/src/network/kernel/qauthenticator.cpp index 92d8779cab..1b9c0de6e1 100644 
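Review bot: The resets added to QSslSocketPrivate::_q_disconnectedSlot() run after `emit q->disconnected()`, so they execute only once every directly connected slot has returned. If such a slot starts a new connection on the same socket, these lines would presumably clear state belonging to the new attempt. Whether that can happen depends on code outside the hunk, but the transmit() change earlier on this page fixes the same kind of re-entrancy from a slot. I would either add a comment that the order is deliberate, e.g. `// reset after the signal so slots can still read peerAddress() etc.`, or guard the resets with `if (q->state() == QAbstractSocket::UnconnectedState)`. The function starts outside the hunk.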
--- a/src/network/kernel/qauthenticator.cpp +++ b/src/network/kernel/qauthenticator.cpp @@ -1272,10 +1272,10 @@ static QByteArray qEncodeNtlmv2Response(const QAuthenticatorPrivate *ctx, // 369 years, 89 leap years // ((369 * 365) + 89) * 24 * 3600 = 11644473600 - time = Q_UINT64_C(currentTime.toTime_t() + 11644473600); + time = currentTime.toTime_t() + Q_UINT64_C(11644473600); // represented as 100 nano seconds - time = Q_UINT64_C(time * 10000000); + time = time * Q_UINT64_C(10000000); ds << time; } -- cgit v1.2.3 From 5dc739ba9b09326bf113bb7f4ce9aa45fe671c6b Mon Sep 17 00:00:00 2001 From: Anton Kudryavtsev Date: Tue, 5 Jul 2016 16:25:40 +0300 Subject: Replace QString::trimmed() with QStringRef::trimmed() ... where it's possible. Reduce allocations. Change-Id: I023adfd316f94948fe50749f60bf55748dca56e2 Reviewed-by: Edward Welbourne --- src/network/access/qftp.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/network') diff --git a/src/network/access/qftp.cpp b/src/network/access/qftp.cpp index 19b519243c..7b6f830333 100644 --- a/src/network/access/qftp.cpp +++ b/src/network/access/qftp.cpp @@ -2034,7 +2034,7 @@ int QFtp::rename(const QString &oldname, const QString &newname) */ int QFtp::rawCommand(const QString &command) { - QString cmd = command.trimmed() + QLatin1String("\r\n"); + const QString cmd = QStringRef(&command).trimmed() + QLatin1String("\r\n"); return d_func()->addCommand(new QFtpCommand(RawCommand, QStringList(cmd))); } 
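Review bot: QFtp::rawCommand() strips only leading and trailing whitespace before appending `\r\n`, so a CR or LF inside `command` still reaches the control connection as an extra command line. That matters for the qnetworkaccessftpbackend.cpp hunk further down, which now passes `QLatin1String("SIZE ") + path` and `QLatin1String("MDTM ") + path` with `path` taken from `url().path()`. If that accessor returns the percent-decoded path, an encoded line break in a URL would end up here. I would reject such input at this single choke point with a check like `if (command.contains(QLatin1Char('\r')) || command.contains(QLatin1Char('\n')))`, failing in whatever form QFtp uses for invalid requests. The restriction should also be stated in the function's doc comment.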
@@ -2253,8 +2253,8 @@ void QFtpPrivate::_q_startNextCommand() // Proxy support, replace the Login argument in place, then fall // through. if (c->command == QFtp::Login && !proxyHost.isEmpty()) { - QString loginString = c->rawCmds.constFirst().trimmed(); - loginString += QLatin1Char('@') + host; + QString loginString; + loginString += QStringRef(&c->rawCmds.constFirst()).trimmed() + QLatin1Char('@') + host; if (port && port != 21) loginString += QLatin1Char(':') + QString::number(port); loginString += QLatin1String("\r\n"); -- cgit v1.2.3 From 2788fccd29fba84bca7581778f5bc683736f1d0e Mon Sep 17 00:00:00 2001 From: Anton Kudryavtsev Date: Wed, 6 Jul 2016 11:32:54 +0300 Subject: Use QStringLiteral more judiciously Replace it with QL1S in QStringBuilder expressions and in overloaded functions. Replace patterns 'QString::number() + QStringLiteral' and 'QStringLiteral + QString::number()' with QString::asprintf. Saves some text size. Change-Id: Ib39b2332264dfc3df04e77f2c101b47a1030cef4 Reviewed-by: Edward Welbourne Reviewed-by: Thiago Macieira --- src/network/ssl/qsslsocket_mac.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/network') diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 3845a3d455..ba346f77d1 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -468,7 +468,7 @@ long QSslSocketPrivate::sslLibraryVersionNumber() QString QSslSocketPrivate::sslLibraryVersionString() { - return QStringLiteral("Secure Transport, ") + QSysInfo::prettyProductName(); + return QLatin1String("Secure Transport, ") + QSysInfo::prettyProductName(); } long QSslSocketPrivate::sslLibraryBuildVersionNumber() -- cgit v1.2.3 From 8beddf8328eb65436790e332b5e0c0760ada0c7d Mon Sep 17 00:00:00 2001 
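Review bot: In QFtpPrivate::_q_startNextCommand() the new code default-constructs `loginString` and then appends the whole expression with `+=`, which reads as if some earlier content were expected. Initialising directly does the same in one statement: `QString loginString = QStringRef(&c->rawCmds.constFirst()).trimmed() + QLatin1Char('@') + host;`. The enclosing function starts and ends outside the hunk.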
From: Gabriel de Dietrich Date: Wed, 29 Jun 2016 16:27:25 -0700 Subject: QSslSocketBackendPrivate: Remove QString warnings Change-Id: I2ab758fe61ea1ba9b84672ac05ac219b85e3de6a Reviewed-by: Timur Pocheptsov --- src/network/ssl/qsslsocket_mac.cpp | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'src/network') diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 9f0359aa47..8aa9269f4b 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -600,7 +600,7 @@ void QSslSocketBackendPrivate::startClientEncryption() // Error description/code were set, 'error' emitted // by initSslContext, but OpenSSL socket also sets error // emits a signal twice, so ... - setErrorAndEmit(QAbstractSocket::SslInternalError, "Unable to init SSL Context"); + setErrorAndEmit(QAbstractSocket::SslInternalError, QStringLiteral("Unable to init SSL Context")); return; } @@ -613,7 +613,7 @@ void QSslSocketBackendPrivate::startServerEncryption() // Error description/code were set, 'error' emitted // by initSslContext, but OpenSSL socket also sets error // emits a signal twice, so ... - setErrorAndEmit(QAbstractSocket::SslInternalError, "Unable to init SSL Context"); + setErrorAndEmit(QAbstractSocket::SslInternalError, QStringLiteral("Unable to init SSL Context")); return; } @@ -936,7 +936,7 @@ bool QSslSocketBackendPrivate::initSslContext() context.reset(qt_createSecureTransportContext(mode)); if (!context) { - setErrorAndEmit(QAbstractSocket::SslInternalError, "SSLCreateContext failed"); + setErrorAndEmit(QAbstractSocket::SslInternalError, QStringLiteral("SSLCreateContext failed")); return false; } 
@@ -964,7 +964,7 @@ bool QSslSocketBackendPrivate::initSslContext() if (!setSessionProtocol()) { destroySslContext(); - setErrorAndEmit(QAbstractSocket::SslInternalError, "Failed to set protocol version"); + setErrorAndEmit(QAbstractSocket::SslInternalError, QStringLiteral("Failed to set protocol version")); return false; } @@ -1406,8 +1406,7 @@ bool QSslSocketBackendPrivate::startHandshake() // check protocol version ourselves, as Secure Transport does not enforce // the requested min / max versions. if (!verifySessionProtocol()) { - setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, - "Protocol version mismatch"); + setErrorAndEmit(QAbstractSocket::SslHandshakeFailedError, QStringLiteral("Protocol version mismatch")); plainSocket->disconnectFromHost(); return false; } -- cgit v1.2.3 From e46e112eb10850801218bd810ecaeb8fd29f4c34 Mon Sep 17 00:00:00 2001 From: Anton Kudryavtsev Date: Fri, 8 Jul 2016 13:51:06 +0300 Subject: Optimize string usage Use QStringBuilder more. Use QL1S directly, without QString construction. Change-Id: Iad844391367681fc1013b9725403d009e7c346e6 Reviewed-by: Edward Welbourne --- src/network/access/qnetworkaccessftpbackend.cpp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'src/network') diff --git a/src/network/access/qnetworkaccessftpbackend.cpp b/src/network/access/qnetworkaccessftpbackend.cpp index 153a33f782..d242bdba82 100644 --- a/src/network/access/qnetworkaccessftpbackend.cpp +++ b/src/network/access/qnetworkaccessftpbackend.cpp @@ -306,8 +306,6 @@ void QNetworkAccessFtpBackend::ftpDone() state = CheckingFeatures; if (operation() == QNetworkAccessManager::GetOperation) { // send help command to find out if server supports "SIZE" and "MDTM" - QString command = url().path(); - command.prepend(QLatin1String("%1 ")); helpId = ftp->rawCommand(QLatin1String("HELP")); // get supported commands } else { ftpDone(); 
@@ -316,14 +314,13 @@ void QNetworkAccessFtpBackend::ftpDone() state = Statting; if (operation() == QNetworkAccessManager::GetOperation) { // logged in successfully, send the stat requests (if supported) - QString command = url().path(); - command.prepend(QLatin1String("%1 ")); + const QString path = url().path(); if (supportsSize) { ftp->rawCommand(QLatin1String("TYPE I")); - sizeId = ftp->rawCommand(command.arg(QLatin1String("SIZE"))); // get size + sizeId = ftp->rawCommand(QLatin1String("SIZE ") + path); // get size } if (supportsMdtm) - mdtmId = ftp->rawCommand(command.arg(QLatin1String("MDTM"))); // get modified time + mdtmId = ftp->rawCommand(QLatin1String("MDTM ") + path); // get modified time if (!supportsSize && !supportsMdtm) ftpDone(); // no commands sent, move to the next state } else { -- cgit v1.2.3