diff options
author | Franck Dude <enstone83@gmail.com> | 2019-12-14 23:41:30 +0100 |
---|---|---|
committer | Franck Dude <enstone83@gmail.com> | 2020-03-19 10:43:46 +0100 |
commit | ed93680f34e92ad0383aa4e610bb65689118ca93 (patch) | |
tree | af3a3c9aa07a370d5923559538c8da6eceef4bf9 /src/websockets/qwebsocket.cpp | |
parent | 2437f81b0022f9524ca467e28c889d8683c464cf (diff) | |
download | qtwebsockets-ed93680f34e92ad0383aa4e610bb65689118ca93.tar.gz |
Add a public api to set max frame and message size (CVE-2018-21035)
This change allows the user to set a lower allowed frame/message size
for reception. The purpose is to avoid an attacker to exhaust the
virtual memory of the peer.
Fixes CVE-2018-21035
[ChangeLog] Added public API to set the maximum frame size and message size
Task-number: QTBUG-70693
Change-Id: I5dc5918badc99166afdcc8d9c6106247a9f8666f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/websockets/qwebsocket.cpp')
-rw-r--r-- | src/websockets/qwebsocket.cpp | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/src/websockets/qwebsocket.cpp b/src/websockets/qwebsocket.cpp index ade1eb4..144268f 100644 --- a/src/websockets/qwebsocket.cpp +++ b/src/websockets/qwebsocket.cpp @@ -788,4 +788,115 @@ qint64 QWebSocket::bytesToWrite() const return d->m_pSocket ? d->m_pSocket->bytesToWrite() : 0; } +/*! + \since 5.15 + Sets the maximum allowed size of an incoming websocket frame to \a maxAllowedIncomingFrameSize. + If an incoming frame exceeds this limit, the peer gets disconnected. + The accepted range is between 0 and maxIncomingFrameSize(), default is maxIncomingFrameSize(). + The purpose of this function is to avoid exhausting virtual memory. + + \sa maxAllowedIncomingFrameSize() + */ +void QWebSocket::setMaxAllowedIncomingFrameSize(quint64 maxAllowedIncomingFrameSize) +{ + Q_D(QWebSocket); + d->setMaxAllowedIncomingFrameSize(maxAllowedIncomingFrameSize); +} + +/*! + \since 5.15 + Returns the maximum allowed size of an incoming websocket frame. + + \sa setMaxAllowedIncomingFrameSize() + */ +quint64 QWebSocket::maxAllowedIncomingFrameSize() const +{ + Q_D(const QWebSocket); + return d->maxAllowedIncomingFrameSize(); +} + +/*! + \since 5.15 + Sets the maximum allowed size of an incoming websocket message to \a maxAllowedIncomingMessageSize. + If an incoming message exceeds this limit, the peer gets disconnected. + The accepted range is between 0 and maxIncomingMessageSize(), default is maxIncomingMessageSize(). + The purpose of this function is to avoid exhausting virtual memory. + + \sa maxAllowedIncomingMessageSize() + */ +void QWebSocket::setMaxAllowedIncomingMessageSize(quint64 maxAllowedIncomingMessageSize) +{ + Q_D(QWebSocket); + d->setMaxAllowedIncomingMessageSize(maxAllowedIncomingMessageSize); +} + +/*! + \since 5.15 + Returns the maximum allowed size of an incoming websocket message. + + \sa setMaxAllowedIncomingMessageSize() + */ +quint64 QWebSocket::maxAllowedIncomingMessageSize() const +{ + Q_D(const QWebSocket); + return d->maxAllowedIncomingMessageSize(); +} + +/*! + \since 5.15 + Returns the maximum supported size of an incoming websocket message for this websocket + implementation. + */ +quint64 QWebSocket::maxIncomingMessageSize() +{ + return QWebSocketPrivate::maxIncomingMessageSize(); +} + +/*! + \since 5.15 + Returns the maximum supported size of an incoming websocket frame for this websocket + implementation. + */ +quint64 QWebSocket::maxIncomingFrameSize() +{ + return QWebSocketPrivate::maxIncomingFrameSize(); +} + +/*! + \since 5.15 + Sets the maximum size of an outgoing websocket frame to \a outgoingFrameSize. + The accepted range is between 0 and maxOutgoingFrameSize(), default is 512kB. + The purpose of this function is to adapt to the maximum allowed frame size + of the receiver. + + \sa outgoingFrameSize() + */ +void QWebSocket::setOutgoingFrameSize(quint64 outgoingFrameSize) +{ + Q_D(QWebSocket); + d->setOutgoingFrameSize(outgoingFrameSize); +} + +/*! + \since 5.15 + Returns the maximum size of an outgoing websocket frame. + + \sa setOutgoingFrameSize() + */ +quint64 QWebSocket::outgoingFrameSize() const +{ + Q_D(const QWebSocket); + return d->outgoingFrameSize(); +} + +/*! + \since 5.15 + Returns the maximum supported size of an outgoing websocket frame for this websocket + implementation. + */ +quint64 QWebSocket::maxOutgoingFrameSize() +{ + return QWebSocketPrivate::maxOutgoingFrameSize(); +} + QT_END_NAMESPACE |