From cf41cd16a1f156d68f9cb4a84dd77230f29d739f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
Date: Thu, 2 Aug 2018 16:54:49 +0200
Subject: Limit Close frame to 125 bytes

All control frames should be limited to 125 frames.

https://tools.ietf.org/html/rfc6455#section-5.5

Task-number: QTBUG-62949
Change-Id: Id9b5a431faab6ff6edf7dc2e5c3525e999bc04ea
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
---
 src/websockets/qwebsocket.cpp   |  5 ++++-
 src/websockets/qwebsocket_p.cpp | 10 +++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/websockets/qwebsocket.cpp b/src/websockets/qwebsocket.cpp
index 1b0fc35..3472fe4 100644
--- a/src/websockets/qwebsocket.cpp
+++ b/src/websockets/qwebsocket.cpp
@@ -402,7 +402,10 @@ qint64 QWebSocket::sendBinaryMessage(const QByteArray &data)
 
     Any data in the write buffer is flushed before the socket is closed.
     The \a closeCode is a QWebSocketProtocol::CloseCode indicating the reason to close, and
-    \a reason describes the reason of the closure more in detail
+    \a reason describes the reason of the closure more in detail. All control
+    frames, including the Close frame, are limited to 125 bytes. Since two of
+    these are used for \a closeCode the maximum length of \a reason is 123! If
+    \a reason exceeds this limit it will be truncated.
  */
 void QWebSocket::close(QWebSocketProtocol::CloseCode closeCode, const QString &reason)
 {
diff --git a/src/websockets/qwebsocket_p.cpp b/src/websockets/qwebsocket_p.cpp
index f4ed311..d233b66 100644
--- a/src/websockets/qwebsocket_p.cpp
+++ b/src/websockets/qwebsocket_p.cpp
@@ -334,12 +334,14 @@ void QWebSocketPrivate::close(QWebSocketProtocol::CloseCode closeCode, QString r
     if (!m_isClosingHandshakeSent) {
         Q_Q(QWebSocket);
         m_closeCode = closeCode;
-        m_closeReason = reason;
+        // 125 is the maximum length of a control frame, and 2 bytes are used for the close code:
+        const QByteArray reasonUtf8 = reason.toUtf8().left(123);
+        m_closeReason = QString::fromUtf8(reasonUtf8);
         const quint16 code = qToBigEndian<quint16>(closeCode);
         QByteArray payload;
         payload.append(static_cast<const char *>(static_cast<const void *>(&code)), 2);
-        if (!reason.isEmpty())
-            payload.append(reason.toUtf8());
+        if (!reasonUtf8.isEmpty())
+            payload.append(reasonUtf8);
         quint32 maskingKey = 0;
         if (m_mustMask) {
             maskingKey = generateMaskingKey();
@@ -347,6 +349,8 @@ void QWebSocketPrivate::close(QWebSocketProtocol::CloseCode closeCode, QString r
         }
         QByteArray frame = getFrameHeader(QWebSocketProtocol::OpCodeClose,
                                           payload.size(), maskingKey, true);
+
+        Q_ASSERT(payload.length() <= 125);
         frame.append(payload);
         m_pSocket->write(frame);
         m_pSocket->flush();
-- 
cgit v1.2.1