Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-23573

QSslCertificate::fromPath uses broken regular expressions which causes it to ignore the path parameter in some cases

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3: Somewhat important
    • Resolution: Done
    • Affects Version/s: 4.8.0
    • Fix Version/s: 5.0.0
    • Component/s: Network: SSL
    • Labels:
      None
    • Commits:
      6c59cdecee42dad1e100857314d28a3d8279a164

      Description

      commit 20a39c16f236f999cd1694cdc47a3739efcbbfe4
      Added a

      [^\\]

      to the regular expression looking for wildcard symbols to determine the pathPrefix in line 542 of network/ssl/qsslcertificate.cpp

      path.indexOf(QRegExp(QLatin1String("[^\\][\\*\\?\\[\\]]")));
      

      This was probably intended to be [^\\\\] as this currently breaks the regular expression by escaping the ].

      So a match is made at the first position causing pos in that function to be 0 and always doing the lookup
      in the working directory and not in path. This can be extremly nasty as a dirIterator is created on that pathprefix walking over all file names. Depending on your starting directory this can cause the iterator to walk over your complete disk and i experienced extreme delays on Windows.

      Example:

        const int idx1 = QString("abcde/*").indexOf(QRegExp(QLatin1String("[^\\][\\*]")));
        qDebug() << "index of unescaped star=" << idx1; // returns 0.
      

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            xcm Martin Petersson (Inactive)
            Reporter:
            aheinecke A. Heinecke
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes