From 3bc5f8c08107bcf8b5c274411850a67aed92372d Mon Sep 17 00:00:00 2001
From: "Richard J. Moore" <rich@kde.org>
Date: Sat, 31 Jan 2015 14:44:14 +0000
Subject: Harden QAsn1Element against malicious ASN.1 strings.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We don't currently use this class for critical things like hostname
verification however we still want to ensure that it is not possible
to trick it using ASN.1 strings with embedded NUL characters. This will
avoid problems in the future.

Change-Id: Ibf3bc142a94fc9cad5f06db50f375399a087f9dc
Reviewed-by: Jeremy Lainé <jeremy.laine@m4x.org>
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
---
 src/network/ssl/qasn1element.cpp | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src')

diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp
index f3f280d863..88f0ffb625 100644
--- a/src/network/ssl/qasn1element.cpp
+++ b/src/network/ssl/qasn1element.cpp
@@ -336,10 +336,15 @@ QByteArray QAsn1Element::toObjectName() const
 
 QString QAsn1Element::toString() const
 {
+    // Detect embedded NULs and reject
+    if (qstrlen(mValue) < uint(mValue.size()))
+        return QString();
+
     if (mType == PrintableStringType || mType == TeletexStringType)
         return QString::fromLatin1(mValue, mValue.size());
     if (mType == Utf8StringType)
         return QString::fromUtf8(mValue, mValue.size());
+
     return QString();
 }
 
-- 
cgit v1.2.3