From ed93680f34e92ad0383aa4e610bb65689118ca93 Mon Sep 17 00:00:00 2001 From: Franck Dude Date: Sat, 14 Dec 2019 23:41:30 +0100 Subject: Add a public api to set max frame and message size (CVE-2018-21035) This change allows the user to set a lower allowed frame/message size for reception. The purpose is to avoid an attacker to exhaust the virtual memory of the peer. Fixes CVE-2018-21035 [ChangeLog] Added public API to set the maximum frame size and message size Task-number: QTBUG-70693 Change-Id: I5dc5918badc99166afdcc8d9c6106247a9f8666f Reviewed-by: Timur Pocheptsov --- src/websockets/qwebsocketdataprocessor_p.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/websockets/qwebsocketdataprocessor_p.h') diff --git a/src/websockets/qwebsocketdataprocessor_p.h b/src/websockets/qwebsocketdataprocessor_p.h index 03635b1..62a2dc0 100644 --- a/src/websockets/qwebsocketdataprocessor_p.h +++ b/src/websockets/qwebsocketdataprocessor_p.h @@ -65,6 +65,8 @@ QT_BEGIN_NAMESPACE class QIODevice; class QWebSocketFrame; +const quint64 MAX_MESSAGE_SIZE_IN_BYTES = std::numeric_limits::max() - 1; + class Q_AUTOTEST_EXPORT QWebSocketDataProcessor : public QObject { Q_OBJECT @@ -74,6 +76,10 @@ public: explicit QWebSocketDataProcessor(QObject *parent = nullptr); ~QWebSocketDataProcessor() override; + void setMaxAllowedFrameSize(quint64 maxAllowedFrameSize); + quint64 maxAllowedFrameSize() const; + void setMaxAllowedMessageSize(quint64 maxAllowedMessageSize); + quint64 maxAllowedMessageSize() const; static quint64 maxMessageSize(); static quint64 maxFrameSize(); @@ -115,6 +121,7 @@ private: QTextCodec *m_pTextCodec; QWebSocketFrame frame; QTimer waitTimer; + quint64 m_maxAllowedMessageSize = MAX_MESSAGE_SIZE_IN_BYTES; bool processControlFrame(const QWebSocketFrame &frame); void timeout(); -- cgit v1.2.1