-rw-r--r--src/websockets/qwebsocketserver_p.cpp10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/websockets/qwebsocketserver_p.cpp b/src/websockets/qwebsocketserver_p.cpp
index 574adf5..1009f52 100644
--- a/src/websockets/qwebsocketserver_p.cpp
+++ b/src/websockets/qwebsocketserver_p.cpp
@@ -432,10 +432,18 @@ void QWebSocketServerPrivate::handshakeReceived()
// According to RFC822 the body is separated from the headers by a null line (CRLF)
const QByteArray& endOfHeaderMarker = QByteArrayLiteral("\r\n\r\n");
- QByteArray header = pTcpSocket->peek(pTcpSocket->bytesAvailable());
+ const qint64 byteAvailable = pTcpSocket->bytesAvailable();
+ QByteArray header = pTcpSocket->peek(byteAvailable);
const int endOfHeaderIndex = header.indexOf(endOfHeaderMarker);
if (endOfHeaderIndex < 0) {
//then we don't have our header complete yet
+ //check that no one is trying to exhaust our virtual memory
+ const qint64 maxHeaderLength = MAX_HEADERLINE_LENGTH * MAX_HEADERLINES + endOfHeaderMarker.size();
+ if (byteAvailable > maxHeaderLength) {
+ pTcpSocket->close();
+ setError(QWebSocketProtocol::CloseCodeTooMuchData,
+ QWebSocketServer::tr("Header is too large."));
+ }
return;
}
const int headerSize = endOfHeaderIndex + endOfHeaderMarker.size();
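Review bot: The new limit is enforced only after `peek(byteAvailable)` has already copied everything the socket buffered, and only on the branch where the `\r\n\r\n` marker is missing, so an oversized request still costs a full-size copy on each call and a complete but oversized header is not rejected at this point. Hoisting `maxHeaderLength` above the peek and reading `QByteArray header = pTcpSocket->peek(qMin(byteAvailable, maxHeaderLength));` would bound the copy and apply the same limit to both cases. Whether the socket's own read buffer is capped (for example with `setReadBufferSize`) is not visible in this hunk and is worth confirming, since otherwise the bytes are already held in memory before this check runs. `MAX_HEADERLINE_LENGTH` and `MAX_HEADERLINES` are defined outside the hunk; if both are `int`, their product is computed in `int` before widening to `qint64`. handshakeReceived() starts before and continues past the hunk, so later size checks may exist that are not shown.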