diff options
| author | Liang Qi <liang.qi@theqtcompany.com> | 2015-10-02 13:55:07 +0200 |
|---|---|---|
| committer | Liang Qi <liang.qi@theqtcompany.com> | 2015-10-02 13:55:07 +0200 |
| commit | 6484afa4b7645b31e370f4eb8ea0b93fc3bf052a (patch) | |
| tree | 9ff1eacd8dcb1943613785e3ad6df77bf38523bb | |
| parent | f11862a05591452bdad9c1abd244288a2964a036 (diff) | |
| parent | 12e424f241b29ef26ad2a3a70740d8b320e9e85a (diff) | |
| download | qtwebsockets-6484afa4b7645b31e370f4eb8ea0b93fc3bf052a.tar.gz | |
Merge remote-tracking branch 'origin/5.5' into 5.6
Conflicts:
tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp
Change-Id: Ie4184b0788b6a0a5a85ca8e4d1547c33f7027ca0
| -rw-r--r-- | src/websockets/qwebsocket.cpp | 2 | ||||
| -rw-r--r-- | src/websockets/qwebsocket_p.cpp | 43 | ||||
| -rw-r--r-- | src/websockets/qwebsocket_p.h | 3 | ||||
| -rw-r--r-- | src/websockets/qwebsockethandshakerequest.cpp | 56 | ||||
| -rw-r--r-- | src/websockets/qwebsockethandshakerequest_p.h | 2 | ||||
| -rw-r--r-- | src/websockets/qwebsocketserver_p.cpp | 8 | ||||
| -rw-r--r-- | tests/auto/websockets/handshakerequest/tst_handshakerequest.cpp | 76 | ||||
| -rw-r--r-- | tests/auto/websockets/handshakeresponse/tst_handshakeresponse.cpp | 2 | ||||
| -rw-r--r-- | tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp | 103 |
9 files changed, 262 insertions, 33 deletions
diff --git a/src/websockets/qwebsocket.cpp b/src/websockets/qwebsocket.cpp index 3635003..0286196 100644 --- a/src/websockets/qwebsocket.cpp +++ b/src/websockets/qwebsocket.cpp @@ -281,6 +281,8 @@ QWebSocket::QWebSocket(const QString &origin, */ QWebSocket::~QWebSocket() { + Q_D(QWebSocket); + d->closeGoingAway(); } /*! diff --git a/src/websockets/qwebsocket_p.cpp b/src/websockets/qwebsocket_p.cpp index b9504f8..1722c15 100644 --- a/src/websockets/qwebsocket_p.cpp +++ b/src/websockets/qwebsocket_p.cpp @@ -84,7 +84,7 @@ QWebSocketPrivate::QWebSocketPrivate(const QString &origin, QWebSocketProtocol:: QWebSocket *pWebSocket) : QObjectPrivate(), q_ptr(pWebSocket), - m_pSocket(), + m_pSocket(Q_NULLPTR), m_errorString(), m_version(version), m_resourceName(), @@ -154,7 +154,7 @@ void QWebSocketPrivate::init() m_pMaskGenerator->seed(); if (m_pSocket) { - makeConnections(m_pSocket.data()); + makeConnections(m_pSocket); } } @@ -163,11 +163,18 @@ void QWebSocketPrivate::init() */ QWebSocketPrivate::~QWebSocketPrivate() { +} + +/*! + \internal +*/ +void QWebSocketPrivate::closeGoingAway() +{ if (!m_pSocket) return; if (state() == QAbstractSocket::ConnectedState) close(QWebSocketProtocol::CloseCodeGoingAway, QWebSocket::tr("Connection closed")); - releaseConnections(m_pSocket.data()); + releaseConnections(m_pSocket); } /*! @@ -262,7 +269,7 @@ void QWebSocketPrivate::ignoreSslErrors() { m_configuration.m_ignoreSslErrors = true; if (Q_LIKELY(m_pSocket)) { - QSslSocket *pSslSocket = qobject_cast<QSslSocket *>(m_pSocket.data()); + QSslSocket *pSslSocket = qobject_cast<QSslSocket *>(m_pSocket); if (Q_LIKELY(pSslSocket)) pSslSocket->ignoreSslErrors(); } @@ -340,7 +347,7 @@ void QWebSocketPrivate::open(const QNetworkRequest &request, bool mask) { //just delete the old socket for the moment; //later, we can add more 'intelligent' handling by looking at the URL - //m_pSocket.reset(); + Q_Q(QWebSocket); QUrl url = request.url(); if (!url.isValid() || url.toString().contains(QStringLiteral("\r\n"))) { @@ -348,10 +355,10 @@ void QWebSocketPrivate::open(const QNetworkRequest &request, bool mask) Q_EMIT q->error(QAbstractSocket::ConnectionRefusedError); return; } - QTcpSocket *pTcpSocket = m_pSocket.take(); - if (pTcpSocket) { - releaseConnections(pTcpSocket); - pTcpSocket->deleteLater(); + if (m_pSocket) { + releaseConnections(m_pSocket); + m_pSocket->deleteLater(); + m_pSocket = Q_NULLPTR; } //if (m_url != url) if (Q_LIKELY(!m_pSocket)) { @@ -387,15 +394,15 @@ void QWebSocketPrivate::open(const QNetworkRequest &request, bool mask) setErrorString(message); Q_EMIT q->error(QAbstractSocket::UnsupportedSocketOperationError); } else { - QSslSocket *sslSocket = new QSslSocket; - m_pSocket.reset(sslSocket); + QSslSocket *sslSocket = new QSslSocket(q_ptr); + m_pSocket = sslSocket; if (Q_LIKELY(m_pSocket)) { m_pSocket->setSocketOption(QAbstractSocket::LowDelayOption, 1); m_pSocket->setSocketOption(QAbstractSocket::KeepAliveOption, 1); m_pSocket->setReadBufferSize(m_readBufferSize); m_pSocket->setPauseMode(m_pauseMode); - makeConnections(m_pSocket.data()); + makeConnections(m_pSocket); setSocketState(QAbstractSocket::ConnectingState); sslSocket->setSslConfiguration(m_configuration.m_sslConfiguration); @@ -416,14 +423,14 @@ void QWebSocketPrivate::open(const QNetworkRequest &request, bool mask) } else #endif if (url.scheme() == QStringLiteral("ws")) { - m_pSocket.reset(new QTcpSocket); + m_pSocket = new QTcpSocket(q_ptr); if (Q_LIKELY(m_pSocket)) { m_pSocket->setSocketOption(QAbstractSocket::LowDelayOption, 1); m_pSocket->setSocketOption(QAbstractSocket::KeepAliveOption, 1); m_pSocket->setReadBufferSize(m_readBufferSize); m_pSocket->setPauseMode(m_pauseMode); - makeConnections(m_pSocket.data()); + makeConnections(m_pSocket); setSocketState(QAbstractSocket::ConnectingState); #ifndef QT_NO_NETWORKPROXY m_pSocket->setProxy(m_configuration.m_proxy); @@ -1105,8 +1112,8 @@ void QWebSocketPrivate::processStateChanged(QAbstractSocket::SocketState socketS void QWebSocketPrivate::socketDestroyed(QObject *socket) { Q_ASSERT(m_pSocket); - if (m_pSocket.data() == socket) - m_pSocket.take(); + if (m_pSocket == socket) + m_pSocket = Q_NULLPTR; } /*! @@ -1117,9 +1124,9 @@ void QWebSocketPrivate::processData() Q_ASSERT(m_pSocket); while (m_pSocket->bytesAvailable()) { if (state() == QAbstractSocket::ConnectingState) - processHandshake(m_pSocket.data()); + processHandshake(m_pSocket); else - m_dataProcessor.process(m_pSocket.data()); + m_dataProcessor.process(m_pSocket); } } diff --git a/src/websockets/qwebsocket_p.h b/src/websockets/qwebsocket_p.h index 260e8e8..037df61 100644 --- a/src/websockets/qwebsocket_p.h +++ b/src/websockets/qwebsocket_p.h @@ -143,6 +143,7 @@ public: QSslConfiguration sslConfiguration() const; #endif + void closeGoingAway(); void close(QWebSocketProtocol::CloseCode closeCode, QString reason); void open(const QNetworkRequest &request, bool mask); void ping(const QByteArray &payload); @@ -197,7 +198,7 @@ private: qint64 writeFrames(const QList<QByteArray> &frames) Q_REQUIRED_RESULT; qint64 writeFrame(const QByteArray &frame) Q_REQUIRED_RESULT; - QScopedPointer<QTcpSocket> m_pSocket; + QTcpSocket *m_pSocket; QString m_errorString; QWebSocketProtocol::Version m_version; QUrl m_resource; diff --git a/src/websockets/qwebsockethandshakerequest.cpp b/src/websockets/qwebsockethandshakerequest.cpp index 528cb32..e2cbaef 100644 --- a/src/websockets/qwebsockethandshakerequest.cpp +++ b/src/websockets/qwebsockethandshakerequest.cpp @@ -183,18 +183,49 @@ QUrl QWebSocketHandshakeRequest::requestUrl() const } /*! + Reads a line of text from the given textstream (terminated by CR/LF). + If an empty line was detected, an empty string is returned. + When an error occurs, a null string is returned. \internal */ -void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream) +static QString readLine(QTextStream &stream, int maxHeaderLineLength) +{ + QString line; + char c; + while (!stream.atEnd()) { + stream >> c; + if (stream.status() != QTextStream::Ok) + return QString(); + if (c == char('\r')) { + //eat the \n character + stream >> c; + line.append(QStringLiteral("")); + break; + } else { + line.append(QChar::fromLatin1(c)); + if (line.length() > maxHeaderLineLength) + return QString(); + } + } + return line; +} + +/*! + \internal + */ +void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream, int maxHeaderLineLength, + int maxHeaders) { - m_isValid = false; clear(); if (Q_UNLIKELY(textStream.status() != QTextStream::Ok)) return; - const QString requestLine = textStream.readLine(); + const QString requestLine = readLine(textStream, maxHeaderLineLength); + if (requestLine.isNull()) { + clear(); + return; + } const QStringList tokens = requestLine.split(' ', QString::SkipEmptyParts); if (Q_UNLIKELY(tokens.length() < 3)) { - m_isValid = false; clear(); return; } @@ -206,10 +237,13 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream) if (Q_UNLIKELY(!conversionOk)) { clear(); - m_isValid = false; return; } - QString headerLine = textStream.readLine(); + QString headerLine = readLine(textStream, maxHeaderLineLength); + if (headerLine.isNull()) { + clear(); + return; + } m_headers.clear(); while (!headerLine.isEmpty()) { const QStringList headerField = headerLine.split(QStringLiteral(": "), @@ -219,7 +253,15 @@ void QWebSocketHandshakeRequest::readHandshake(QTextStream &textStream) return; } m_headers.insertMulti(headerField.at(0).toLower(), headerField.at(1)); - headerLine = textStream.readLine(); + if (m_headers.size() > maxHeaders) { + clear(); + return; + } + headerLine = readLine(textStream, maxHeaderLineLength); + if (headerLine.isNull()) { + clear(); + return; + } } m_requestUrl = QUrl::fromEncoded(resourceName.toLatin1()); diff --git a/src/websockets/qwebsockethandshakerequest_p.h b/src/websockets/qwebsockethandshakerequest_p.h index ad2a249..6ad5381 100644 --- a/src/websockets/qwebsockethandshakerequest_p.h +++ b/src/websockets/qwebsockethandshakerequest_p.h @@ -78,7 +78,7 @@ public: QString resourceName() const; QString host() const; - void readHandshake(QTextStream &textStream); + void readHandshake(QTextStream &textStream, int maxHeaderLineLength, int maxHeaders); private: diff --git a/src/websockets/qwebsocketserver_p.cpp b/src/websockets/qwebsocketserver_p.cpp index bc23674..d1750ce 100644 --- a/src/websockets/qwebsocketserver_p.cpp +++ b/src/websockets/qwebsocketserver_p.cpp @@ -49,6 +49,12 @@ QT_BEGIN_NAMESPACE +//both constants are taken from the default settings of Apache +//see: http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize and +//http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfields +const int MAX_HEADERLINE_LENGTH = 8 * 1024; //maximum length of a http request header line +const int MAX_HEADERLINES = 100; //maximum number of http request header lines + /*! \internal */ @@ -431,7 +437,7 @@ void QWebSocketServerPrivate::handshakeReceived() QWebSocketHandshakeRequest request(pTcpSocket->peerPort(), isSecure); QTextStream textStream(pTcpSocket); - request.readHandshake(textStream); + request.readHandshake(textStream, MAX_HEADERLINE_LENGTH, MAX_HEADERLINES); if (request.isValid()) { QWebSocketCorsAuthenticator corsAuthenticator(request.origin()); diff --git a/tests/auto/websockets/handshakerequest/tst_handshakerequest.cpp b/tests/auto/websockets/handshakerequest/tst_handshakerequest.cpp index 9c579bd..2921e57 100644 --- a/tests/auto/websockets/handshakerequest/tst_handshakerequest.cpp +++ b/tests/auto/websockets/handshakerequest/tst_handshakerequest.cpp @@ -45,6 +45,9 @@ QT_USE_NAMESPACE Q_DECLARE_METATYPE(QWebSocketProtocol::CloseCode) Q_DECLARE_METATYPE(QWebSocketProtocol::OpCode) +const int MAX_HEADERLINE_LENGTH = 8 * 1024; +const int MAX_HEADERS = 100; + class tst_HandshakeRequest : public QObject { Q_OBJECT @@ -67,6 +70,8 @@ private Q_SLOTS: void tst_multipleVersions(); void tst_qtbug_39355(); + void tst_qtbug_48123_data(); + void tst_qtbug_48123(); }; tst_HandshakeRequest::tst_HandshakeRequest() @@ -203,7 +208,7 @@ void tst_HandshakeRequest::tst_invalidStream() textStream << dataStream; textStream.seek(0); - request.readHandshake(textStream); + request.readHandshake(textStream, MAX_HEADERLINE_LENGTH, MAX_HEADERS); QVERIFY(!request.isValid()); QCOMPARE(request.port(), 80); @@ -239,7 +244,7 @@ void tst_HandshakeRequest::tst_multipleValuesInConnectionHeader() textStream << header; textStream.seek(0); - request.readHandshake(textStream); + request.readHandshake(textStream, MAX_HEADERLINE_LENGTH, MAX_HEADERS); QVERIFY(request.isValid()); QCOMPARE(request.port(), 80); @@ -269,7 +274,7 @@ void tst_HandshakeRequest::tst_multipleVersions() textStream << header; textStream.seek(0); - request.readHandshake(textStream); + request.readHandshake(textStream, MAX_HEADERLINE_LENGTH, MAX_HEADERS); QVERIFY(request.isValid()); QCOMPARE(request.port(), 80); @@ -305,13 +310,76 @@ void tst_HandshakeRequest::tst_qtbug_39355() textStream << header; textStream.seek(0); - request.readHandshake(textStream); + request.readHandshake(textStream, MAX_HEADERLINE_LENGTH, MAX_HEADERS); QVERIFY(request.isValid()); QCOMPARE(request.port(), 1234); QCOMPARE(request.host(), QStringLiteral("localhost")); } +void tst_HandshakeRequest::tst_qtbug_48123_data() +{ + QTest::addColumn<QString>("header"); + QTest::addColumn<bool>("shouldBeValid"); + const QString header = QStringLiteral("GET /ABC/DEF/ HTTP/1.1\r\nHost: localhost:1234\r\n") + + QStringLiteral("Sec-WebSocket-Version: 13\r\n") + + QStringLiteral("Sec-WebSocket-Key: 2Wg20829/4ziWlmsUAD8Dg==\r\n") + + QStringLiteral("Upgrade: websocket\r\n") + + QStringLiteral("Connection: Upgrade\r\n"); + const int numHeaderLines = header.count(QStringLiteral("\r\n")) - 1; //-1: exclude requestline + + //a headerline should not be larger than MAX_HEADERLINE_LENGTH characters (excluding CRLF) + QString illegalHeader = header; + illegalHeader.append(QString(MAX_HEADERLINE_LENGTH + 1, QChar::fromAscii('c'))); + illegalHeader.append(QStringLiteral("\r\n\r\n")); + + QTest::newRow("headerline too long") << illegalHeader << false; + + QString legalHeader = header; + const QString headerKey = QStringLiteral("X-CUSTOM-KEY: "); + legalHeader.append(headerKey); + legalHeader.append(QString(MAX_HEADERLINE_LENGTH - headerKey.length(), QChar::fromAscii('c'))); + legalHeader.append(QStringLiteral("\r\n\r\n")); + + QTest::newRow("headerline with maximum length") << legalHeader << true; + + //a header should not contain more than MAX_HEADERS header lines (excluding the request line) + //test with MAX_HEADERS + 1 + illegalHeader = header; + const QString headerLine(QStringLiteral("Host: localhost:1234\r\n")); + for (int i = 0; i < (MAX_HEADERS - numHeaderLines + 1); ++i) { + illegalHeader.append(headerLine); + } + illegalHeader.append(QStringLiteral("\r\n")); + + QTest::newRow("too many headerlines") << illegalHeader << false; + + //test with MAX_HEADERS header lines (excluding the request line) + legalHeader = header; + for (int i = 0; i < (MAX_HEADERS - numHeaderLines); ++i) { + legalHeader.append(headerLine); + } + legalHeader.append(QStringLiteral("\r\n")); + + QTest::newRow("just enough headerlines") << legalHeader << true; +} + +void tst_HandshakeRequest::tst_qtbug_48123() +{ + QFETCH(QString, header); + QFETCH(bool, shouldBeValid); + + QByteArray data; + QTextStream textStream(&data); + QWebSocketHandshakeRequest request(8080, false); + + textStream << header; + textStream.seek(0); + request.readHandshake(textStream, MAX_HEADERLINE_LENGTH, MAX_HEADERS); + + QCOMPARE(request.isValid(), shouldBeValid); +} + QTEST_MAIN(tst_HandshakeRequest) #include "tst_handshakerequest.moc" diff --git a/tests/auto/websockets/handshakeresponse/tst_handshakeresponse.cpp b/tests/auto/websockets/handshakeresponse/tst_handshakeresponse.cpp index b5f103b..7d35cd0 100644 --- a/tests/auto/websockets/handshakeresponse/tst_handshakeresponse.cpp +++ b/tests/auto/websockets/handshakeresponse/tst_handshakeresponse.cpp @@ -91,7 +91,7 @@ void tst_HandshakeResponse::tst_date_response() QStringLiteral("Sec-WebSocket-Key: AVDFBDDFF\r\n") + QStringLiteral("Upgrade: websocket\r\n") + QStringLiteral("Connection: Upgrade\r\n\r\n"); - request.readHandshake(input); + request.readHandshake(input, 8 * 1024, 100); QWebSocketHandshakeResponse response(request, "example.com", true, QList<QWebSocketProtocol::Version>() << QWebSocketProtocol::Version13, diff --git a/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp b/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp index f993f84..9cef46a 100644 --- a/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp +++ b/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp @@ -143,6 +143,8 @@ private Q_SLOTS: void tst_sendBinaryMessage(); void tst_errorString(); void tst_openRequest(); + void tst_moveToThread(); + void tst_moveToThreadNoWarning(); #ifndef QT_NO_NETWORKPROXY void tst_setProxy(); #endif @@ -603,6 +605,107 @@ void tst_QWebSocket::tst_openRequest() socket.close(); } +class WebSocket : public QWebSocket +{ + Q_OBJECT + +public: + explicit WebSocket() + { + connect(this, SIGNAL(triggerClose()), SLOT(onClose()), Qt::QueuedConnection); + connect(this, SIGNAL(triggerOpen(QUrl)), SLOT(onOpen(QUrl)), Qt::QueuedConnection); + connect(this, SIGNAL(triggerSendTextMessage(QString)), SLOT(onSendTextMessage(QString)), Qt::QueuedConnection); + connect(this, SIGNAL(textMessageReceived(QString)), this, SLOT(onTextMessageReceived(QString)), Qt::QueuedConnection); + } + + void asyncClose() { triggerClose(); } + void asyncOpen(const QUrl &url) { triggerOpen(url); } + void asyncSendTextMessage(const QString &msg) { triggerSendTextMessage(msg); } + + QString receivedMessage; + +Q_SIGNALS: + void triggerClose(); + void triggerOpen(const QUrl &); + void triggerSendTextMessage(const QString &); + void done(); + +private Q_SLOTS: + void onClose() { close(); } + void onOpen(const QUrl &url) { open(url); } + void onSendTextMessage(const QString &msg) { sendTextMessage(msg); } + void onTextMessageReceived(const QString &msg) { receivedMessage = msg; done(); } +}; + +struct Warned +{ + static QtMessageHandler origHandler; + static bool warned; + static void messageHandler(QtMsgType type, const QMessageLogContext& context, const QString& str) + { + if (type == QtWarningMsg) { + warned = true; + } + if (origHandler) + origHandler(type, context, str); + } +}; +QtMessageHandler Warned::origHandler = 0; +bool Warned::warned = false; + + +void tst_QWebSocket::tst_moveToThread() +{ + Warned::origHandler = qInstallMessageHandler(&Warned::messageHandler); + + EchoServer echoServer; + + QThread* thread = new QThread; + thread->start(); + + WebSocket* socket = new WebSocket; + socket->moveToThread(thread); + + const QString textMessage = QStringLiteral("Hello world!"); + QSignalSpy socketConnectedSpy(socket, SIGNAL(connected())); + QUrl url = QUrl(QStringLiteral("ws://") + echoServer.hostAddress().toString() + + QStringLiteral(":") + QString::number(echoServer.port())); + url.setPath("/segment/with spaces"); + url.addQueryItem("queryitem", "with encoded characters"); + + socket->asyncOpen(url); + if (socketConnectedSpy.count() == 0) + QVERIFY(socketConnectedSpy.wait(500)); + + socket->asyncSendTextMessage(textMessage); + + QTimer timer; + timer.setInterval(1000); + timer.start(); + QEventLoop loop; + connect(socket, SIGNAL(done()), &loop, SLOT(quit())); + connect(socket, SIGNAL(done()), &timer, SLOT(stop())); + connect(&timer, SIGNAL(timeout()), &loop, SLOT(quit())); + loop.exec(); + + socket->asyncClose(); + + QCOMPARE(timer.isActive(), false); + QCOMPARE(socket->receivedMessage, textMessage); + + socket->deleteLater(); + thread->quit(); + thread->deleteLater(); +} + +void tst_QWebSocket::tst_moveToThreadNoWarning() +{ + // check for warnings in tst_moveToThread() + // couldn't done there because warnings are processed after the test run + QCOMPARE(Warned::warned, false); +} + + #ifndef QT_NO_NETWORKPROXY void tst_QWebSocket::tst_setProxy() { |