From 07c0e0fdcf6ccea2a60b2acc7059f56a834ad040 Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Fri, 14 Jul 2017 10:40:49 +0200 Subject: QAsn1Element - fix toDateTime function ASN UTCTime uses two characters to encode a year (YY). When converting it into QDate, it's quite naive to just add 2000. According to RFC 2459, these YY represent dates in the range [1950, 2049]. This patch also introduces a helper function doing the checked conversion from a string to int (to be reused in the following-up patches). Task-number: QTBUG-61934 Change-Id: I3f6f471d24e8357b83b2f5973023b2b842751389 Reviewed-by: Edward Welbourne Reviewed-by: Timur Pocheptsov --- src/network/ssl/qasn1element.cpp | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp index dc59c41d59..6558643386 100644 --- a/src/network/ssl/qasn1element.cpp +++ b/src/network/ssl/qasn1element.cpp @@ -45,6 +45,8 @@ #include #include +#include + QT_BEGIN_NAMESPACE typedef QMap OidNameMap; @@ -82,6 +84,27 @@ static OidNameMap createOidMap() } Q_GLOBAL_STATIC_WITH_ARGS(OidNameMap, oidNameMap, (createOidMap())) +static bool stringToNonNegativeInt(const QByteArray &asnString, int *val) +{ + // Helper function for toDateTime(), which handles chunking of the original + // string into smaller sub-components, so we expect the whole 'asnString' to + // be a valid non-negative number. + Q_ASSERT(val); + + // We want the C locale, as used by QByteArray; however, no leading sign is + // allowed (which QByteArray would accept), so we have to check the data: + const std::locale localeC; + for (char v : asnString) { + if (!std::isdigit(v, localeC)) + return false; + } + + bool ok = false; + *val = asnString.toInt(&ok); + Q_ASSERT(ok && *val >= 0); + return true; +} + QAsn1Element::QAsn1Element(quint8 type, const QByteArray &value) : mType(type) , mValue(value) @@ -231,15 +254,19 @@ bool QAsn1Element::toBool(bool *ok) const QDateTime QAsn1Element::toDateTime() const { if (mValue.endsWith('Z')) { - if (mType == UtcTimeType && mValue.size() == 13) - return QDateTime(QDate(2000 + mValue.mid(0, 2).toInt(), + if (mType == UtcTimeType && mValue.size() == 13) { + int year = 0; + if (!stringToNonNegativeInt(mValue.mid(0, 2), &year)) + return QDateTime(); + // RFC 2459: YY represents a year in the range [1950, 2049] + return QDateTime(QDate(year < 50 ? 2000 + year : 1900 + year, mValue.mid(2, 2).toInt(), mValue.mid(4, 2).toInt()), QTime(mValue.mid(6, 2).toInt(), mValue.mid(8, 2).toInt(), mValue.mid(10, 2).toInt()), Qt::UTC); - else if (mType == GeneralizedTimeType && mValue.size() == 15) + } else if (mType == GeneralizedTimeType && mValue.size() == 15) { return QDateTime(QDate(mValue.mid(0, 4).toInt(), mValue.mid(4, 2).toInt(), mValue.mid(6, 2).toInt()), @@ -247,6 +274,7 @@ QDateTime QAsn1Element::toDateTime() const mValue.mid(10, 2).toInt(), mValue.mid(12, 2).toInt()), Qt::UTC); + } } return QDateTime(); } -- cgit v1.2.3