Prevent time zone lookup from using infinite amounts of memory

The QTzTimeZoneCache created one cache entry for every time zone which was looked up, even if the code was invalid. This uses some memory for each time zone code queried and thus allows DOS attacks if user supplied time zone codes are parsed. This patch changes the cache to use QCache instead of QHash and thus only store up to 100 zones in the cache. Change-Id: Ia87fe500b8b9cf23dced5448a33b047702515f19 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
2020-11-16 12:19:02 +01:00 · 2020-11-16 12:19:02 +01:00 · 0732c5917d
commit 0732c5917d
parent 0b21c15b11
1 changed files with 6 additions and 6 deletions
--- a/src/corelib/time/qtimezoneprivate_tz.cpp
+++ b/src/corelib/time/qtimezoneprivate_tz.cpp
@ -46,7 +46,7 @@
 #include <QtCore/QDataStream>
 #include <QtCore/QDateTime>
 #include <QtCore/QFile>
-#include <QtCore/QHash>
+#include <QtCore/QCache>
 #include <QtCore/QMutex>

 #include <qdebug.h>
@ -660,7 +660,7 @@ public:

 private:
    QTzTimeZoneCacheEntry findEntry(const QByteArray &ianaId);
-    QHash<QByteArray, QTzTimeZoneCacheEntry> m_cache;
+    QCache<QByteArray, QTzTimeZoneCacheEntry> m_cache;
    QMutex m_mutex;
 };

@ -842,13 +842,13 @@ QTzTimeZoneCacheEntry QTzTimeZoneCache::fetchEntry(const QByteArray &ianaId)
    QMutexLocker locker(&m_mutex);

    // search the cache...
-    const auto& it = m_cache.find(ianaId);
-    if (it != m_cache.constEnd())
-        return *it;
+    QTzTimeZoneCacheEntry *obj = m_cache.object(ianaId);
+    if (obj)
+        return *obj;

    // ... or build a new entry from scratch
    QTzTimeZoneCacheEntry ret = findEntry(ianaId);
-    m_cache[ianaId] = ret;
+    m_cache.insert(ianaId, new QTzTimeZoneCacheEntry(ret));
    return ret;
 }