Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-91870

QDecompressHelper's archive bomb minimum limit should be adjustable

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 6.2
    • Fix Version/s: 6.2.0 Alpha
    • Component/s: Network: HTTP
    • Labels:
      None
    • Platform/s:
      All
    • Technical Risk:
      Normal
    • Commits:
      69982182a394618d4f121d2938d7d76196fe78f6 (qt/qtbase/dev)
    • Story Points:
      5
    • Sprint:
      Qt6_Foundation_Sprint 34

      Description

      Preferably on a per-request basis it should be possible to set the minimum size before the archive bomb checker kicks in. Currently it's 10MB, but for a 'trusted website' users may want to increase it if they know some files may have 'suspicious' decompression ratios. Or they know the systems their code will run on is guaranteed to have more RAM available than this so decompressing e.g. >100MB of an archive bomb would not be considered a problem.

        Attachments

          Issue Links

          For Gerrit Dashboard: QTBUG-91870
          # Subject Branch Project Status CR V

            Activity

              People

              Assignee:
              manordheim Mårten Nordheim
              Reporter:
              manordheim Mårten Nordheim
              PM Owner:
              Vladimir Minenko Vladimir Minenko
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes