QNetworkRequest: don't assume QByteArray::constData() is NUL-terminated

It isn't guaranteed to be, for QByteArrays originating from
QByteArray::fromRawData().

Use the four-arg qstrnicmp() overload (with defaulted fourth
argument), wrapped in a lambda to DRY, instead of qstricmp(), which
may produce incorrect results or even read past user-supplied buffers.

There were also uses of QByteArray::compare(c-literal,
Qt::CaseInsensitive). They're not affected by the problem, but
QByteArray is scheduled to lose its string-y API parts and become a
container of octets in the future. Besides, the lambda solution is
much nicer on the eye.

Pick-to: 6.4 6.2 5.15
Change-Id: I1e0f9003082f4158edecc6fe8cf3c0518e5403f5
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Lorn Potter <lorn.potter@gmail.com>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
This commit is contained in:
Marc Mutz 2022-12-06 23:47:36 +01:00
parent 536e173728
commit 0326ea08b1
2 changed files with 29 additions and 21 deletions

View File

@ -347,32 +347,36 @@ static int parseHeaderName(const QByteArray &headerName)
if (headerName.isEmpty())
return -1;
auto is = [&](const char *what) {
return qstrnicmp(headerName.data(), headerName.size(), what) == 0;
};
switch (QtMiscUtils::toAsciiLower(headerName.front())) {
case 'c':
if (qstricmp(headerName.constData(), "content-type") == 0)
if (is("content-type"))
return QNetworkRequest::ContentTypeHeader;
else if (qstricmp(headerName.constData(), "content-length") == 0)
else if (is("content-length"))
return QNetworkRequest::ContentLengthHeader;
else if (qstricmp(headerName.constData(), "cookie") == 0)
else if (is("cookie"))
return QNetworkRequest::CookieHeader;
break;
case 'l':
if (qstricmp(headerName.constData(), "location") == 0)
if (is("location"))
return QNetworkRequest::LocationHeader;
else if (qstricmp(headerName.constData(), "last-modified") == 0)
else if (is("last-modified"))
return QNetworkRequest::LastModifiedHeader;
break;
case 's':
if (qstricmp(headerName.constData(), "set-cookie") == 0)
if (is("set-cookie"))
return QNetworkRequest::SetCookieHeader;
else if (qstricmp(headerName.constData(), "server") == 0)
else if (is("server"))
return QNetworkRequest::ServerHeader;
break;
case 'u':
if (qstricmp(headerName.constData(), "user-agent") == 0)
if (is("user-agent"))
return QNetworkRequest::UserAgentHeader;
break;
}

View File

@ -1102,48 +1102,52 @@ static int parseHeaderName(const QByteArray &headerName)
if (headerName.isEmpty())
return -1;
auto is = [&](const char *what) {
return qstrnicmp(headerName.data(), headerName.size(), what) == 0;
};
switch (QtMiscUtils::toAsciiLower(headerName.front())) {
case 'c':
if (headerName.compare("content-type", Qt::CaseInsensitive) == 0)
if (is("content-type"))
return QNetworkRequest::ContentTypeHeader;
else if (headerName.compare("content-length", Qt::CaseInsensitive) == 0)
else if (is("content-length"))
return QNetworkRequest::ContentLengthHeader;
else if (headerName.compare("cookie", Qt::CaseInsensitive) == 0)
else if (is("cookie"))
return QNetworkRequest::CookieHeader;
else if (qstricmp(headerName.constData(), "content-disposition") == 0)
else if (is("content-disposition"))
return QNetworkRequest::ContentDispositionHeader;
break;
case 'e':
if (qstricmp(headerName.constData(), "etag") == 0)
if (is("etag"))
return QNetworkRequest::ETagHeader;
break;
case 'i':
if (qstricmp(headerName.constData(), "if-modified-since") == 0)
if (is("if-modified-since"))
return QNetworkRequest::IfModifiedSinceHeader;
if (qstricmp(headerName.constData(), "if-match") == 0)
if (is("if-match"))
return QNetworkRequest::IfMatchHeader;
if (qstricmp(headerName.constData(), "if-none-match") == 0)
if (is("if-none-match"))
return QNetworkRequest::IfNoneMatchHeader;
break;
case 'l':
if (headerName.compare("location", Qt::CaseInsensitive) == 0)
if (is("location"))
return QNetworkRequest::LocationHeader;
else if (headerName.compare("last-modified", Qt::CaseInsensitive) == 0)
else if (is("last-modified"))
return QNetworkRequest::LastModifiedHeader;
break;
case 's':
if (headerName.compare("set-cookie", Qt::CaseInsensitive) == 0)
if (is("set-cookie"))
return QNetworkRequest::SetCookieHeader;
else if (headerName.compare("server", Qt::CaseInsensitive) == 0)
else if (is("server"))
return QNetworkRequest::ServerHeader;
break;
case 'u':
if (headerName.compare("user-agent", Qt::CaseInsensitive) == 0)
if (is("user-agent"))
return QNetworkRequest::UserAgentHeader;
break;
}