Add a public api to set max frame and message size (CVE-2018-21035)

This change allows the user to set a lower allowed frame/message size
for reception. The purpose is to avoid an attacker to exhaust the
virtual memory of the peer.
Fixes CVE-2018-21035

[ChangeLog] Added public API to set the maximum frame size and message size

Task-number: QTBUG-70693
Change-Id: I5dc5918badc99166afdcc8d9c6106247a9f8666f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>

1 files changed, 5 insertions, 1 deletions

diff --git a/src/websockets/qwebsocketframe_p.h b/src/websockets/qwebsocketframe_p.h
index a8b9684..992379a 100644
--- a/src/websockets/qwebsocketframe_p.h
+++ b/src/websockets/qwebsocketframe_p.h
@@ -65,7 +65,6 @@ QT_BEGIN_NAMESPACE
 class QIODevice;
 
 const quint64 MAX_FRAME_SIZE_IN_BYTES = std::numeric_limits<int>::max() - 1;
-const quint64 MAX_MESSAGE_SIZE_IN_BYTES = std::numeric_limits<int>::max() - 1;
 
 class Q_AUTOTEST_EXPORT QWebSocketFrame
 {
@@ -74,6 +73,10 @@ class Q_AUTOTEST_EXPORT QWebSocketFrame
 public:
     QWebSocketFrame() = default;
 
+    void setMaxAllowedFrameSize(quint64 maxAllowedFrameSize);
+    quint64 maxAllowedFrameSize() const;
+    static quint64 maxFrameSize();
+
     QWebSocketProtocol::CloseCode closeCode() const;
     QString closeReason() const;
     bool isFinalFrame() const;
@@ -118,6 +121,7 @@ private:
     bool m_rsv2 = false;
     bool m_rsv3 = false;
     bool m_isValid = false;
+    quint64 m_maxAllowedFrameSize = MAX_FRAME_SIZE_IN_BYTES;
 
     ProcessingState readFrameHeader(QIODevice *pIoDevice);
     ProcessingState readFramePayloadLength(QIODevice *pIoDevice);