AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add input check for QSslSocket::setPrivateKey

Browse Source 
[ChangeLog][QtNetwork][QSslSocket] Added runtime validation of the SSL
private key when it is loaded through a file path.

Task-number: QTBUG-72016
Change-Id: Ie92c3a2fbf3ba896c4c838e03d677426be56a5db
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Samuel Gaist <samuel.gaist@idiap.ch>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
This commit is contained in:
Konstantin Shegunov 2019-02-19 23:53:58 +02:00
parent 6bb22c12a6
commit c212128a67
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/network/ssl/qsslsocket.cpp
View File

@ -1209,12 +1209,21 @@ void QSslSocket::setPrivateKey(const QSslKey &key)
void QSslSocket::setPrivateKey(const QString &fileName, QSsl::KeyAlgorithm algorithm,
QSsl::EncodingFormat format, const QByteArray &passPhrase)
{
Q_D(QSslSocket);
QFile file(fileName);
if (file.open(QIODevice::ReadOnly)) {
d->configuration.privateKey = QSslKey(file.readAll(), algorithm,
format, QSsl::PrivateKey, passPhrase);
if (!file.open(QIODevice::ReadOnly)) {
qCWarning(lcSsl, "QSslSocket::setPrivateKey: Couldn't open file for reading");
return;
}
QSslKey key(file.readAll(), algorithm, format, QSsl::PrivateKey, passPhrase);
if (key.isNull()) {
qCWarning(lcSsl, "QSslSocket::setPrivateKey: "
"The specified file does not contain a valid key");
return;
}
Q_D(QSslSocket);
d->configuration.privateKey = key;
}
/*!