Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-48123

QWebSocketServer DoS while parsing a malformed WebSocket handshake

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 5.6.0 RC
    • 5.5.0
    • WebSockets
    • None
    • Tested on Xubuntu 14.04 with Qt 5.5.
    • 12e424f241b29ef26ad2a3a70740d8b320e9e85a

    Description

      QWebSocketServer is vulnerable to a DoS attack caused by improper parsing of WebSocket handshake. This happens because QWebSocketServer attempts to read from the client until a newline is encountered. If no newline is sent it will read data from the client until all available memory is consumed.

      Addendum: when valid header lines are sent (terminated by CRLF), but when no blank line is sent (double CRLF), then the same behaviour occurs.

      Attachments

        For Gerrit Dashboard: QTBUG-48123
        # Subject Branch Project Status CR V
        125189,2 Fix DoS vulnerability 5.5 qt/qtwebsockets Status: MERGED +2 0

        Activity

          People

            kurt.pattyn Kurt Pattyn
            kurt.pattyn Kurt Pattyn
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes