blob: 83f5e110557e28cabafb9e0132d0eb53da9dea8a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
/****************************************************************************
**
** Copyright (C) 2016 Kurt Pattyn <pattyn.kurt@gmail.com>.
** Contact: https://www.qt.io/licensing/
**
** This file is part of the QtWebSockets module of the Qt Toolkit.
**
** $QT_BEGIN_LICENSE:COMM$
**
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and The Qt Company. For licensing terms
** and conditions see https://www.qt.io/terms-conditions. For further
** information use the contact form at https://www.qt.io/contact-us.
**
** $QT_END_LICENSE$
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
**
****************************************************************************/
/*!
\class QDefaultMaskGenerator
\inmodule QtWebSockets
\brief The QDefaultMaskGenerator class provides the default mask generator for QtWebSockets.
The WebSockets specification as outlined in \l {RFC 6455}
requires that all communication from client to server must be masked. This is to prevent
malicious scripts to attack bad behaving proxies.
For more information about the importance of good masking,
see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}.
The default mask generator uses the reasonably secure QRandomGenerator::global()->generate() function.
The best measure against attacks mentioned in the document above,
is to use QWebSocket over a secure connection (\e wss://).
In general, always be careful to not have 3rd party script access to
a QWebSocket in your application.
\internal
*/
#include "qdefaultmaskgenerator_p.h"
#include <QRandomGenerator>
QT_BEGIN_NAMESPACE
/*!
Constructs a new QDefaultMaskGenerator with the given \a parent.
\internal
*/
QDefaultMaskGenerator::QDefaultMaskGenerator(QObject *parent) :
QMaskGenerator(parent)
{
}
/*!
Destroys the QDefaultMaskGenerator object.
\internal
*/
QDefaultMaskGenerator::~QDefaultMaskGenerator()
{
}
/*!
\internal
*/
bool QDefaultMaskGenerator::seed() Q_DECL_NOEXCEPT
{
return true;
}
/*!
Generates a new random mask using the insecure QRandomGenerator::global()->generate() method.
\internal
*/
quint32 QDefaultMaskGenerator::nextMask() Q_DECL_NOEXCEPT
{
quint32 value = QRandomGenerator::global()->generate();
while (Q_UNLIKELY(value == 0)) {
// a mask of zero has a special meaning
value = QRandomGenerator::global()->generate();
}
return value;
}
QT_END_NAMESPACE
|
