From 6b31ac7bf9f556bfdfbb51a16b7dd9ca65096860 Mon Sep 17 00:00:00 2001 From: Marc Mutz Date: Fri, 17 Dec 2021 09:08:45 +0100 Subject: QWebSocketProtocol: fix potential UB (signed overflow) in masking operation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The size of the payload is a 64-bit integer, which the loop counts down. If the size is > INT_MAX, then we'll overflow the int i used to track the current position in the mask. Fix by using an unsigned integer type instead. Change-Id: Ia3b8d42ae906eb03c1c7399cb1137a08121fcde3 Reviewed-by: Mårten Nordheim (cherry picked from commit 38218494a65049b5f9da7a8aab012a969c7dac86) Reviewed-by: Qt Cherry-pick Bot --- src/websockets/qwebsocketprotocol.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/websockets/qwebsocketprotocol.cpp b/src/websockets/qwebsocketprotocol.cpp index fc77632..319cc8f 100644 --- a/src/websockets/qwebsocketprotocol.cpp +++ b/src/websockets/qwebsocketprotocol.cpp @@ -210,7 +210,7 @@ void QWebSocketProtocol::mask(char *payload, quint64 size, quint32 maskingKey) quint8((maskingKey & 0x0000FF00u) >> 8), quint8((maskingKey & 0x000000FFu)) }; - int i = 0; + quint64 i = 0; while (size-- > 0) *payload++ ^= mask[i++ % 4]; } -- cgit v1.2.1 From 3e61227dd8880c516bb57cc3869cae56f6cc00bc Mon Sep 17 00:00:00 2001 From: Tarja Sundqvist Date: Fri, 31 Dec 2021 15:32:17 +0200 Subject: Bump version --- .qmake.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.qmake.conf b/.qmake.conf index 1c703d4..bf083d6 100644 --- a/.qmake.conf +++ b/.qmake.conf @@ -3,4 +3,4 @@ load(qt_build_config) CONFIG += warning_clean DEFINES += QT_NO_FOREACH -MODULE_VERSION = 5.15.8 +MODULE_VERSION = 5.15.9 -- cgit v1.2.1 From e1a8b7723a373ecb8837e8bf8249a03a1208d193 Mon Sep 17 00:00:00 2001 From: Joni Poikelin Date: Thu, 30 Dec 2021 10:41:42 +0200 Subject: Fix setting of socket options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Socket options need to be set after connectToHost() to take any effect. Change-Id: I006a8c59ba1c78d5edaa77d545bb0f640b7224fe Reviewed-by: Mårten Nordheim (cherry picked from commit 647922b1122977625b8f32fbc0bb2e9339afb4a3) Reviewed-by: Qt Cherry-pick Bot --- src/websockets/qwebsocket_p.cpp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/websockets/qwebsocket_p.cpp b/src/websockets/qwebsocket_p.cpp index e0b4633..bb8f53d 100644 --- a/src/websockets/qwebsocket_p.cpp +++ b/src/websockets/qwebsocket_p.cpp @@ -429,8 +429,10 @@ void QWebSocketPrivate::open(const QNetworkRequest &request, bool mask) QSslSocket *sslSocket = new QSslSocket(q); m_pSocket = sslSocket; if (Q_LIKELY(m_pSocket)) { - m_pSocket->setSocketOption(QAbstractSocket::LowDelayOption, 1); - m_pSocket->setSocketOption(QAbstractSocket::KeepAliveOption, 1); + QObject::connect(sslSocket, &QSslSocket::connected, [sslSocket](){ + sslSocket->setSocketOption(QAbstractSocket::LowDelayOption, 1); + sslSocket->setSocketOption(QAbstractSocket::KeepAliveOption, 1); + }); m_pSocket->setReadBufferSize(m_readBufferSize); m_pSocket->setPauseMode(m_pauseMode); @@ -458,8 +460,10 @@ void QWebSocketPrivate::open(const QNetworkRequest &request, bool mask) if (url.scheme() == QStringLiteral("ws")) { m_pSocket = new QTcpSocket(q); if (Q_LIKELY(m_pSocket)) { - m_pSocket->setSocketOption(QAbstractSocket::LowDelayOption, 1); - m_pSocket->setSocketOption(QAbstractSocket::KeepAliveOption, 1); + QObject::connect(m_pSocket, &QTcpSocket::connected, [this](){ + m_pSocket->setSocketOption(QAbstractSocket::LowDelayOption, 1); + m_pSocket->setSocketOption(QAbstractSocket::KeepAliveOption, 1); + }); m_pSocket->setReadBufferSize(m_readBufferSize); m_pSocket->setPauseMode(m_pauseMode); -- cgit v1.2.1