diff --git a/src/network/ssl/qasn1element.cpp b/src/network/ssl/qasn1element.cpp
index f3f280d863..88f0ffb625 100644
--- a/src/network/ssl/qasn1element.cpp
+++ b/src/network/ssl/qasn1element.cpp
@@ -336,10 +336,15 @@ QByteArray QAsn1Element::toObjectName() const
 QString QAsn1Element::toString() const
 {
+ // Detect embedded NULs and reject
+ if (qstrlen(mValue) < uint(mValue.size()))
+ return QString();
+
 if (mType == PrintableStringType || mType == TeletexStringType)
 return QString::fromLatin1(mValue, mValue.size());
 if (mType == Utf8StringType)
 return QString::fromUtf8(mValue, mValue.size());
+
 return QString();
 }
diff --git a/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp b/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp
index 30a01cb6f4..11518546a5 100644
--- a/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp
+++ b/tests/auto/network/ssl/qasn1element/tst_qasn1element.cpp
@@ -55,6 +55,8 @@ private slots:
 void octetString();
 void objectIdentifier_data();
 void objectIdentifier();
+ void string_data();
+ void string();
 };
 void tst_QAsn1Element::emptyConstructor()
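Review bot: The embedded-NUL guard in QAsn1Element::toString() protects only callers that go through this method, and it signals rejection with the same null QString that the final `return QString();` uses for unsupported types, so a caller cannot tell a malformed string from a non-string element. The check exists to stop a name being cut off at the first NUL when it is later handled as a C string, so any code that converts value() itself (none is visible in this diff) would need the same test; worth confirming there is none. I would state the contract above the function, e.g. `// Returns a null QString for non-string types and for values containing an embedded NUL; callers must treat null as "no usable name".` As a style point, `if (mValue.contains('\0'))` expresses the intent without the implicit QByteArray-to-char* conversion and the uint cast.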
@@ -265,5 +267,40 @@ void tst_QAsn1Element::objectIdentifier()
 QCOMPARE(elem.toObjectName(), name);
 }
+void tst_QAsn1Element::string_data()
+{
+ QTest::addColumn("element");
+ QTest::addColumn("value");
+
+ QTest::newRow("printablestring")
+ << QAsn1Element(QAsn1Element::PrintableStringType, QByteArray("Hello World"))
+ << QStringLiteral("Hello World");
+ QTest::newRow("teletextstring")
+ << QAsn1Element(QAsn1Element::TeletexStringType, QByteArray("Hello World"))
+ << QStringLiteral("Hello World");
+ QTest::newRow("utf8string")
+ << QAsn1Element(QAsn1Element::Utf8StringType, QByteArray("Hello World"))
+ << QStringLiteral("Hello World");
+
+ // Embedded NULs are not allowed and should be rejected
+ QTest::newRow("evil_printablestring")
+ << QAsn1Element(QAsn1Element::PrintableStringType, QByteArray("Hello\0World", 11))
+ << QString();
+ QTest::newRow("evil_teletextstring")
+ << QAsn1Element(QAsn1Element::TeletexStringType, QByteArray("Hello\0World", 11))
+ << QString();
+ QTest::newRow("evil_utf8string")
+ << QAsn1Element(QAsn1Element::Utf8StringType, QByteArray("Hello\0World", 11))
+ << QString();
+}
+
+void tst_QAsn1Element::string()
+{
+ QFETCH(QAsn1Element, element);
+ QFETCH(QString, value);
+
+ QCOMPARE(element.toString(), value);
+}
+
 QTEST_MAIN(tst_QAsn1Element)
 #include "tst_qasn1element.moc"
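Review bot: The rejection rows in string_data() only place the NUL in the middle of the value, so the boundary cases of the `qstrlen(mValue) < uint(mValue.size())` comparison are not pinned by any test. I would add a trailing-NUL row, e.g. `QTest::newRow("trailing_nul_utf8string") << QAsn1Element(QAsn1Element::Utf8StringType, QByteArray("Hello World\0", 12)) << QString();`, and a leading-NUL row built the same way from `QByteArray("\0Hello", 6)`. A row for an element type that toString() does not handle would also pin the final `return QString();`. Because QCOMPARE treats a null and an empty QString as equal, these rows cannot tell a rejection from an empty result; if that distinction matters to callers, string() needs an explicit isNull() check as well.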