Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-38739

Provide more robust checking of illegal HTTP field values

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • P3: Somewhat important
    • None
    • 5.3.0 Beta1
    • WebSockets
    • None

    Description

      The checking on HTTP field values in QWebSocketPrivate::createHandshakeRequest() is too optimistic. It only checks if the value contains a '\r\n' sequence. This is not sufficient. The HTTP standard defines more illegal characters.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. QTBUG-80700 QWebSockets: Share/improve header-parsing code

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              oyheskes Øystein Heskestad
              kurt.pattyn Kurt Pattyn
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes