author | Franck Dude <enstone83@gmail.com> | 2019-12-07 17:37:08 +0100 |
---|---|---|
committer | Franck Dude <enstone83@gmail.com> | 2019-12-13 20:10:20 +0100 |
commit | db472ab205b37f44cb2d65ad861152cb9f48f2e8 (patch) | |
tree | 9a9fa61d2be9d403649d13762a17482dfa61779e | |
parent | cea5603ee1a56bb5d177f35ed3f884345875099e (diff) |
Add protection against handshake header too large
Task-number: QTBUG-70691
Change-Id: I54b9f7157e5830b9efd8bae7d4777218857249b1
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
-rw-r--r-- | src/websockets/qwebsocketserver_p.cpp | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/websockets/qwebsocketserver_p.cpp b/src/websockets/qwebsocketserver_p.cpp
index 574adf5..1009f52 100644
--- a/src/websockets/qwebsocketserver_p.cpp
+++ b/src/websockets/qwebsocketserver_p.cpp
@@ -432,10 +432,18 @@ void QWebSocketServerPrivate::handshakeReceived()
 // According to RFC822 the body is separated from the headers by a null line (CRLF)
 const QByteArray& endOfHeaderMarker = QByteArrayLiteral("\r\n\r\n");
- QByteArray header = pTcpSocket->peek(pTcpSocket->bytesAvailable());
+ const qint64 byteAvailable = pTcpSocket->bytesAvailable();
+ QByteArray header = pTcpSocket->peek(byteAvailable);
 const int endOfHeaderIndex = header.indexOf(endOfHeaderMarker);
 if (endOfHeaderIndex < 0) {
 //then we don't have our header complete yet
+ //check that no one is trying to exhaust our virtual memory
+ const qint64 maxHeaderLength = MAX_HEADERLINE_LENGTH * MAX_HEADERLINES + endOfHeaderMarker.size();
+ if (byteAvailable > maxHeaderLength) {
+ pTcpSocket->close();
+ setError(QWebSocketProtocol::CloseCodeTooMuchData,
+ QWebSocketServer::tr("Header is too large."));
+ }
 return;
 }
 const int headerSize = endOfHeaderIndex + endOfHeaderMarker.size(); |
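Review bot: The limit in the `endOfHeaderIndex < 0` branch is applied only after `peek(byteAvailable)` has copied everything buffered on the socket and `indexOf` has scanned it, and a request whose `\r\n\r\n` terminator is already present is never compared with `maxHeaderLength` in this hunk. Computing `maxHeaderLength` before the read and bounding the copy, `QByteArray header = pTcpSocket->peek(qMin(byteAvailable, maxHeaderLength));`, would cap the per-call copy and let the existing `byteAvailable > maxHeaderLength` test reject any header that does not terminate within the limit. Whether later parsing enforces the same bound, and whether the socket is released after `close()`, depends on the part of `handshakeReceived()` outside the hunk. The socket's own read buffer presumably stays unbounded unless `setReadBufferSize()` is set elsewhere, so that is worth confirming.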