projects / contrib / qtwebsockets.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4c4cbf5) | patch
Check on newline characters in origin and urls
authorKurt Pattyn <pattyn.kurt@gmail.com>
Mon, 10 Feb 2014 20:33:25 +0000 (21:33 +0100)
committerThe Qt Project <gerrit-noreply@qt-project.org>
Tue, 11 Feb 2014 11:46:40 +0000 (12:46 +0100)
commitde92bb09b12ff95bc9d03f930f54463a336f6263
tree684e2f563be156d54fd3acbefd8bd37f68067e4ftree | snapshot
parent4c4cbf55f0a2e3d634b558079e48774937dd5773commit | diff
Check on newline characters in origin and urls

New line characters (\r\n) in the resource part of a url and in the origin
string can be used to forge the http header and can lead to insertion of
unwanted header entries. This can be an indication of an attack,
so QWebSocket immediately refuses a connection.

Change-Id: I9cdb309bfbe7025ad675925e6ea3e038476a1fd6
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@digia.com>
src/websockets/qwebsocket.cpp diff | blob | history
src/websockets/qwebsocket_p.cpp diff | blob | history
src/websockets/qwebsockethandshakeresponse.cpp diff | blob | history
tests/auto/qwebsocket/tst_qwebsocket.cpp diff | blob | history
Domain: SCM / Uncategorized;