1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

QDataStream & QResource: document their lack of security-hardening

Browse Source 
Pick-to: 6.6 6.5
Fixes: QTBUG-120012
Task-number: QTBUG-119178
Change-Id: I6e2677aad2ab45759db2fffd17a06af730e320d6
Reviewed-by: Ievgenii Meshcheriakov <ievgenii.meshcheriakov@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
(cherry picked from commit e696bec76e4f852cb28f27c50c95d3504fba559e)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Thiago Macieira 2023-12-13 11:37:48 -03:00 committed by Qt Cherry-pick Bot
parent e4c533c336
commit 60d60dba77
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/corelib/io/qresource.cpp
View File

@ -233,6 +233,19 @@ static inline ResourceList *resourceList()
itself will be unmapped from memory when the last QResource that points itself will be unmapped from memory when the last QResource that points
to it is destroyed. to it is destroyed.
\section2 Corruption and Security
The QResource class performs some checks on the file passed to determine
whether it is supported by the current version of Qt. Those tests are only
to check the file header does not request features (such as Zstandard
decompression) that have not been compiled in or that the file is not of a
future version of Qt. They do not confirm the validity of the entire file.
QResource should not be used on files whose provenance cannot be trusted.
Applications should be designed to attempt to load only resource files
whose provenance is at least as trustworthy as that of the application
itself or its plugins.
\sa {The Qt Resource System}, QFile, QDir, QFileInfo \sa {The Qt Resource System}, QFile, QDir, QFileInfo
*/ */

21
src/corelib/serialization/qdatastream.cpp
View File

@ -164,6 +164,27 @@ QT_BEGIN_NAMESPACE
If no full packet is received, this code restores the stream to the If no full packet is received, this code restores the stream to the
initial position, after which you need to wait for more data to arrive. initial position, after which you need to wait for more data to arrive.
\section1 Corruption and Security
QDataStream is not resilient against corrupted data inputs and should
therefore not be used for security-sensitive situations, even when using
transactions. Transactions will help determine if a valid input can
currently be decoded with the data currently available on an asynchronous
device, but will assume that the data that is available is correctly
formed.
Additionally, many QDataStream demarshalling operators will allocate memory
based on information found in the stream. Those operators perform no
verification on whether the requested amount of memory is reasonable or if
it is compatible with the amount of data available in the stream (example:
demarshalling a QByteArray or QString may see the request for allocation of
several gigabytes of data).
QDataStream should not be used on content whose provenance cannot be
trusted. Applications should be designed to attempt to decode only streams
whose provenance is at least as trustworthy as that of the application
itself or its plugins.
\sa QTextStream, QVariant \sa QTextStream, QVariant
*/ */